Total
3379 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16949 | 1 Accesspressthemes | 1 Anonymous Post Pro | 2025-04-20 | N/A |
| An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and file-uploader/file-uploader-class.php. This allows the attacker to upload anything they want to the server, as demonstrated by an action=ap_file_upload_action&allowedExtensions[]=php request to /wp-admin/admin-ajax.php that results in a .php file upload and resultant PHP code execution. | ||||
| CVE-2016-1713 | 1 Vtiger | 1 Vtiger Crm | 2025-04-20 | N/A |
| Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000. | ||||
| CVE-2017-8862 | 1 Cohuhd | 2 3960hd, 3960hd Firmware | 2025-04-20 | N/A |
| The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges. | ||||
| CVE-2017-15876 | 1 Sistemagpweb | 1 Gpweb | 2025-04-20 | N/A |
| Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell. | ||||
| CVE-2017-3108 | 1 Adobe | 1 Experience Manager | 2025-04-20 | N/A |
| Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | ||||
| CVE-2017-2737 | 1 Huawei | 2 Vcm5010, Vcm5010 Firmware | 2025-04-20 | N/A |
| VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system. | ||||
| CVE-2017-11405 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | N/A |
| In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file. | ||||
| CVE-2017-11404 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | N/A |
| In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php. | ||||
| CVE-2020-22539 | 1 Codologic | 1 Codoforum | 2025-04-18 | 7.2 High |
| An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-32161 | 1 Jizhicms | 1 Jizhicms | 2025-04-18 | 9.8 Critical |
| jizhiCMS 2.5 suffers from a File upload vulnerability. | ||||
| CVE-2024-31351 | 1 Copymatic | 1 Copymatic | 2025-04-18 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6. | ||||
| CVE-2024-48202 | 1 Thecosy | 1 Icecms | 2025-04-18 | 9.8 Critical |
| icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile. | ||||
| CVE-2023-50692 | 1 Jizhicms | 1 Jizhicms | 2025-04-17 | 8.8 High |
| File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. | ||||
| CVE-2024-2599 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | 9.9 Critical |
| File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure. | ||||
| CVE-2025-27282 | 2025-04-17 | 9.9 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator allows Using Malicious Files. This issue affects Theme File Duplicator: from n/a through 1.3. | ||||
| CVE-2025-31339 | 2025-04-17 | N/A | ||
| An unrestricted upload of file with dangerous type vulnerability in the course management function of Wisdom Master Pro versions 5.0 through 5.2 allows remote authenticated users to craft a malicious file. | ||||
| CVE-2025-32652 | 2025-04-17 | 9.9 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra allows Using Malicious Files. This issue affects Solace Extra: from n/a through 1.3.1. | ||||
| CVE-2025-32682 | 2025-04-17 | 9.9 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG Lite allows Upload a Web Shell to a Web Server. This issue affects MapSVG Lite: from n/a through 8.5.34. | ||||
| CVE-2023-51421 | 1 Soft8soft | 1 Verge3d | 2025-04-17 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. | ||||
| CVE-2023-52044 | 1 Std42 | 1 Elfinder | 2025-04-17 | 9.8 Critical |
| Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension. | ||||