Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised exte
projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers c
CVE-2024-11680
CRITICAL CVSS 9.8 KEV
Find Similar
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, e
ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can ac
A security flaw has been discovered in ProjectSend r2002. This vulnerability affects unknown code of the file upload.php. Performing a manipulation results in cross-site request forgery. The attack ma
ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like =calc|a!z| in the name
A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file saniti
A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function get_preview of the file process.php. The manipulation leads to improper
Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of files-edit
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using t
CVE-2024-48782
CRITICAL CVSS 9.8
Find Similar
File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end.
CVE-2021-47819
CRITICAL CVSS 9.3
Find Similar
ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP scr
An attacker could exploit this vulnerability by uploading arbitrary files via the a specific endpoint, leading to unauthorized remote code execution or system compromise.
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received usin
A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /add_book.php. The manipulation of the argument image re
An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file.
WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the fil
A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Stude
CVE-2021-47936
CRITICAL CVSS 9.3
Find Similar
OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Atta
Page 1+ Next →