Total
3222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27083 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | N/A | 7.2 HIGH |
| An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality. | |||||
| CVE-2023-26949 | 1 Onekeyadmin | 1 Onekeyadmin | 2024-11-21 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2023-26775 | 1 Monitorr | 1 Monitorr | 2024-11-21 | N/A | 7.8 HIGH |
| File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint. | |||||
| CVE-2023-26762 | 1 Smeup | 1 Erp | 2024-11-21 | N/A | 8.8 HIGH |
| Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability. | |||||
| CVE-2023-26578 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 8.8 HIGH |
| Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server. | |||||
| CVE-2023-25970 | 1 Zendrop | 1 Zendrop | 2024-11-21 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop – Global Dropshipping.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. | |||||
| CVE-2023-25909 | 1 Hgiga | 1 Oaklouds Portal | 2024-11-21 | N/A | 9.8 CRITICAL |
| HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service. | |||||
| CVE-2023-25655 | 1 Basercms | 1 Basercms | 2024-11-21 | N/A | 9.8 CRITICAL |
| baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch. | |||||
| CVE-2023-25654 | 1 Basercms | 1 Basercms | 2024-11-21 | N/A | 9.8 CRITICAL |
| baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch. | |||||
| CVE-2023-25444 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.7. | |||||
| CVE-2023-25132 | 1 Cyberpower | 1 Powerpanel | 2024-11-21 | N/A | 9.1 CRITICAL |
| Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors. | |||||
| CVE-2023-24530 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | N/A | 8.4 HIGH |
| SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the application causing high impact on confidentiality, integrity and availability of the application. | |||||
| CVE-2023-24317 | 1 Judging Management System Project | 1 Judging Management System | 2024-11-21 | N/A | 8.1 HIGH |
| Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php. | |||||
| CVE-2023-24249 | 1 Laravel-admin | 1 Laravel-admin | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2023-23970 | 1 Woorockets | 1 Corsa | 2024-11-21 | N/A | 9.9 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in WooRockets Corsa.This issue affects Corsa: from n/a through 1.5. | |||||
| CVE-2023-23937 | 2024-11-21 | N/A | 8.2 HIGH | ||
| Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (p.e. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS content that will be executed in the context of the domain. This issue has been patched in version 10.5.16. | |||||
| CVE-2023-23851 | 1 Sap | 1 Business Planning And Consolidation | 2024-11-21 | N/A | 5.4 MEDIUM |
| SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidentiality and integrity of the system. | |||||
| CVE-2023-23707 | 1 Awsm | 1 Embed Any Document | 2024-11-21 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files allows Stored XSS via upload of SVG and HTML files. This issue affects Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin <= 2.7.1 versions. | |||||
| CVE-2023-23656 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1. | |||||
| CVE-2023-23607 | 1 Dasherr Project | 1 Dasherr | 2024-11-21 | N/A | 9.8 CRITICAL |
| erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue. | |||||