Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the
WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP modu
WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the fil
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG ed
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attacke
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager.
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a
WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based
Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip fil
An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper val
Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit the file up
A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.php. The manipulatio
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with
Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell
TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload function
Page 1+ Next →