Total: 1161 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27477 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit. | |||||
| CVE-2022-27468 | 1 Monstaftp | 1 Monsta Ftp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server. | |||||
| CVE-2022-27357 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-27351 | 1 Zoo Management System Project | 1 Zoo Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-27263 | 1 Strapi | 1 Strapi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2022-27262 | 1 Sailsjs | 1 Skipper | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2022-27260 | 1 Buttercms | 1 Buttercms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file. | |||||
| CVE-2022-27140 | 1 Express-fileupload Project | 1 Express-fileupload | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload middleware is not responsible for an application's business logic (e.g., determining whether or how a file should be renamed). | |||||
| CVE-2022-27139 | 1 Ghost | 1 Ghost | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploading of SVG files to Ghost does not represent a remote code execution vulnerability. SVGs are not executable on the server, and may only execute JavaScript in a client's browser - this is expected and intentional functionality. | |||||
| CVE-2022-27131 | 1 Zbzcms | 1 Zbzcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-27129 | 1 Zbzcms | 1 Zbzcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-27115 | 2 Microsoft, Std42 | 2 Windows, Elfinder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload. | |||||
| CVE-2022-27047 | 1 Moguit | 1 Mogu Blog Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| mogu_blog_cms 5.2 allows arbitrary files to be uploaded without any limitation. | |||||
| CVE-2022-26645 | 1 Banking System Project | 1 Banking System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. | |||||
| CVE-2022-25495 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-25487 | 1 Thedigitalcraft | 1 Atomcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. | |||||
| CVE-2022-25411 | 1 Max-3000 | 1 Maxsite Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-25016 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-24984 | 1 Jqueryform | 1 Jqueryform | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client side, and because not all executable content (e.g., .phtml or .php.bak) is blocked. | |||||
| CVE-2022-24652 | 1 Sentcms | 1 Sentcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution in /admin/upload/upload. | |||||
