An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploa
A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized acce
code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web sh
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.
An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file.
An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file.
An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary
A vulnerability, which was classified as critical, was found in code-projects Staff Audit System 1.0. Affected is an unknown function of the file /test.php. The manipulation of the argument uploadedfi
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary co
File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Exec
A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some unknown processing of the file /insert.php. The manipulation
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backd
A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files.
This vulnerability is due to an insufficient input validation
An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file.
File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostB
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file.