Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload maliciou
An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly vali
An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters
Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded f
An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3
The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploa
An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted
A security flaw has been discovered in ProjectSend r2002. This vulnerability affects unknown code of the file upload.php. Performing a manipulation results in cross-site request forgery. The attack ma
A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some unknown processing of the file /insert.php. The manipulation
Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir paramet
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded fi
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file.
Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upl
An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of InfoDom Performa 365 v4.0.1 allows attackers to execute arbitrary code via uploading a crafted SVG file.
PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ directo
A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote
An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector (connector.minimal.php), which allows r
An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: bef
Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary
Page 1+ Next →