An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension vali
An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly vali
An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector (connector.minimal.php), which allows r
An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded fi
An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager pl
An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3
An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server
XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which f
Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/upload_file.php. The upload handler fails to validate the file type or enforce authentication, a
A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some unknown processing of the file /insert.php. The manipulation
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary
Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's
EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remot
An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to properly validate file types and authentication, all
An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userpi
ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the file upload functionality where the checkValidFileName() function fails to restrict HTML and HTM file u
An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted
An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: bef
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary co
Page 1+ Next →