Total
3435 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24387 | 1 Smartertools | 1 Smartertrack | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
| With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010 | |||||
| CVE-2022-24262 | 1 Voipmonitor | 1 Voipmonitor | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root. | |||||
| CVE-2022-24254 | 1 Extensis | 1 Portfolio | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. | |||||
| CVE-2022-24253 | 1 Extensis | 1 Portfolio | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. | |||||
| CVE-2022-24252 | 1 Extensis | 1 Portfolio | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2022-24251 | 1 Extensis | 1 Portfolio | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. | |||||
| CVE-2022-24136 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it. | |||||
| CVE-2022-23906 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. | |||||
| CVE-2022-23880 | 1 Taogogo | 1 Taocms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-23390 | 1 Diyhi | 1 Bbs Forum | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files. | |||||
| CVE-2022-23375 | 1 Wikidocs | 1 Wikidocs | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php. | |||||
| CVE-2022-23346 | 1 Bigantsoft | 1 Bigant Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. | |||||
| CVE-2022-23329 | 1 Ujcms | 1 Jspxcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. | |||||
| CVE-2022-23315 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do. | |||||
| CVE-2022-23155 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system. | |||||
| CVE-2022-23048 | 1 Exponentcms | 1 Exponent Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands. | |||||
| CVE-2022-23043 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server. | |||||
| CVE-2022-23026 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Acceleration Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2022-22952 | 2 Microsoft, Vmware | 2 Windows, Carbon Black App Control | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
| VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file. | |||||
| CVE-2022-22929 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file. | |||||