Total
1117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36582 | 1 Kooboo | 1 Kooboo Cms | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL. | |||||
| CVE-2021-36581 | 1 Kooboo | 1 Kooboo Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server. | |||||
| CVE-2021-36548 | 1 Monstra | 1 Monstra | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file. | |||||
| CVE-2021-36547 | 1 Mara Cms Project | 1 Mara Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file. | |||||
| CVE-2021-36440 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'. | |||||
| CVE-2021-36356 | 1 Kramerav | 1 Viaware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124. | |||||
| CVE-2021-36042 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code execution. | |||||
| CVE-2021-36040 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to bypass file extension restrictions and could lead to remote code execution. | |||||
| CVE-2021-35963 | 1 Learningdigital | 1 Orca Hcm | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious script to execute RCE attacks. | |||||
| CVE-2021-34624 | 1 Properfraction | 1 Profilepress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3. . | |||||
| CVE-2021-34623 | 1 Properfraction | 1 Profilepress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3. . | |||||
| CVE-2021-34427 | 1 Eclipse | 1 Business Intelligence And Reporting Tools | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance. | |||||
| CVE-2021-34074 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests. | |||||
| CVE-2021-33224 | 1 Umbraco | 1 Umbraco Forms | 2024-11-21 | N/A | 9.8 CRITICAL |
| File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. | |||||
| CVE-2021-32955 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-32630 | 1 Admidio | 1 Admidio | 2024-11-21 | 6.5 MEDIUM | 9.6 CRITICAL |
| Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could rename the php shell with a .phar extension, visit the file, triggering the payload for a reverse/bind shell. This can be mitigated by excluding a .phar file extension to be uploaded (like you did with .php .phtml .php5 etc). The vulnerability is patched in version 4.0.4. | |||||
| CVE-2021-32538 | 1 Artware Cms Project | 1 Artware Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrictedly. | |||||
| CVE-2021-32089 | 1 Zebra | 2 Fx9500, Fx9500 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information disclosure and code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-31737 | 1 Emlog | 1 Emlog | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php. | |||||
| CVE-2021-31703 | 1 Frontiersoftware | 1 Ichris | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user. | |||||