An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userpi
An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3
An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted
PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted f
Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload maliciou
A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file saniti
An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly vali
An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or HT
A vulnerability was found in Campcodes Project Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /forms/update_forms.php?action=change_pic2&i
The e-School from Ventem has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on th
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using t
An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file.
A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. T
A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote
A vulnerability has been found in DouPHP up to 1.8 Release 20251022. This impacts an unknown function of the file upload/include/file.class.php. The manipulation of the argument File leads to unrestri
Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir paramet
A security vulnerability has been detected in code-projects Student File Management System 1.0. This affects an unknown part of the file /save_file.php. Such manipulation of the argument File leads to
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary co
Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file u