ShopNx - Angular5 Single Page Shopping Cart Application 1 - Arbitrary File Upload
Gardenoma Remote File Upload Vulnerability
WordPress Theme Sydney by aThemes 2018 GravityForms Input Remote File Upload Vulnerability
LifeRay (Fckeditor) Arbitrary File Upload Vulnerability
phpCollab 2.5.1 Arbitrary File Upload
PhpCollab 2.5.1 Shell Upload
Nuxeo Platform 6.x / 7.x Shell Upload
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root
Matt Bergin (@thatguyl...
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write
Cisco Firepower Threat Management Command Execution
WordPress Daily Edition 1.6.2 File Upload
Intrexx Professional 6.0 / 5.2 Remote Code Execution
HelpDEZk 1.0.1 Unrestricted File Upload
High-Tech Bridge Secur...
WordPress E-Commerce 22.214.171.124 File Upload / XSS / CSRF / Code Execution
DMXReady Registration Manager Arbitrary File Upload Vulnerability
CVEMAP Search Results
Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the tmp directory under the document root.
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code.
Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors.
Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.
An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the "HiddenFieldControlCustomWhiteListedExtensions" parameter and add arbitrary extensions to the whitelist during the upload. For instance, if the extension .asp is added to the "HiddenFieldControlCustomWhiteListedExtensions" parameter, the server accepts "secctest.asp" as a legitimate file. Hence malicious files can be uploaded in order to execute arbitrary commands to take over the server.
Frog cms project
An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912.
Attribute wizard project
modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 126.96.36.199 through 188.8.131.52 allows remote attackers to execute arbitrary code by uploading a .phtml file.
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.
** DISPUTED ** Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html URI. NOTE: the vendor disputes this issue because file upload is an expected feature, subject to Role Based Access Control checks where only authenticated users with proper permissions can upload files.
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 184.108.40.206, and AP300 devices with firmware before 220.127.116.11. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root.