An information disclosure vulnerability exists in Ruijie NBR series routers (known to affect NBR2000G, NBR1300G, and NBR1000 models) via the /WEB_VMS/LEVEL15/ endpoint. By crafting a specific POST req
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/commo
WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbit
An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded fi
Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upl
e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the
LiveBOS, an object-oriented business architecture middleware suite developed by Apex Software Co., Ltd., contains an arbitrary file upload vulnerability in its UploadFile.do;.js.jsp endpoint. This fla
A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the template file uploads in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to upload malici
An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension vali
A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploa
A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform (also referred to as the Dahua Smart Campus Integrated Management Platform), affecting the SOAP-based GIS b
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been rated as critical. Affected by this issue is some unknown functionality of the file /action/upload_file. The manipulation le
Arbitrary File Upload in user_payment_update.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files via the uploaded_file_cancelled field. D
A vulnerability has been found in osuuu LightPicture 1.2.2 and classified as critical. This vulnerability affects the function upload of the file /app/controller/Api.php. The manipulation of the argum
An unrestricted file upload vulnerability exists in ProcessMaker versions prior to 3.5.4 due to improper handling of uploaded plugin archives. An attacker with administrative privileges can upload a m
A vulnerability has been found in kefaming mayi up to 1.3.9 and classified as critical. This vulnerability affects the function Upload of the file app/tools/controller/File.php. The manipulation of th
An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector (connector.minimal.php), which allows r
A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file saniti