Total: 3379 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-24984 | 1 Jqueryform | 1 Jqueryform | 2024-11-21 | 9.8 Critical |
Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client side, and because not all executable content (e.g., .phtml or .php.bak) is blocked. | ||||
CVE-2022-24688 | 1 Dsk | 1 Dsknet | 2024-11-21 | 8.8 High |
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload (and consequently Remote Code Execution) via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order to exploit this issue. (That can be easily achieved by exploiting the Broken Access Control with further Brute-force attack or SQL Injection.) The uploaded file is stored within the database and copied to the sync web folder if the attacker visits a certain .php?action= page. | ||||
CVE-2022-24676 | 1 Hyphp | 1 Hybbs2 | 2024-11-21 | 8.8 High |
update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive. | ||||
CVE-2022-24652 | 1 Sentcms | 1 Sentcms | 2024-11-21 | 9.8 Critical |
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution in /admin/upload/upload. | ||||
CVE-2022-24651 | 1 Sentcms | 1 Sentcms | 2024-11-21 | 9.8 Critical |
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. | ||||
CVE-2022-24581 | 1 Aceware | 1 Aceweb Online Portal | 2024-11-21 | 7.5 High |
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software. | ||||
CVE-2022-24553 | 1 Zfaka Project | 1 Zfaka | 2024-11-21 | 9.8 Critical |
An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function check is not strict, resulting in remote command execution. | ||||
CVE-2022-24262 | 1 Voipmonitor | 1 Voipmonitor | 2024-11-21 | 8.8 High |
The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root. | ||||
CVE-2022-24254 | 1 Extensis | 1 Portfolio | 2024-11-21 | 8.8 High |
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. | ||||
CVE-2022-24253 | 1 Extensis | 1 Portfolio | 2024-11-21 | 8.8 High |
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. | ||||
CVE-2022-24252 | 1 Extensis | 1 Portfolio | 2024-11-21 | 8.8 High |
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. | ||||
CVE-2022-24251 | 1 Extensis | 1 Portfolio | 2024-11-21 | 8.8 High |
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. | ||||
CVE-2022-24239 | 1 Aceware | 1 Aceweb Online Portal | 2024-11-21 | 9.8 Critical |
ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. | ||||
CVE-2022-24136 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulnerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it. | ||||
CVE-2022-23906 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 7.2 High |
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. | ||||
CVE-2022-23880 | 1 Taogogo | 1 Taocms | 2024-11-21 | 9.8 Critical |
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-23390 | 1 Diyhi | 1 Bbs Forum | 2024-11-21 | 9.8 Critical |
An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files. | ||||
CVE-2022-23375 | 1 Wikidocs | 1 Wikidocs | 2024-11-21 | 8.8 High |
WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php. | ||||
CVE-2022-23346 | 1 Bigantsoft | 1 Bigant Server | 2024-11-21 | 8.8 High |
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. | ||||
CVE-2022-23329 | 1 Ujcms | 1 Jspxcms | 2024-11-21 | 9.8 Critical |
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. |