Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient vali
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modu
In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/agent/upload` is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to uplo
A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells t
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to versions 26.0.5, 27.0.2, and 28.
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custo
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate pri
A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2 after commit 123db87 allows authenticated attackers to execute arbitrary code via a crafted POST reques
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is a
An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly
An unrestricted file upload vulnerability exists in ProcessMaker versions prior to 3.5.4 due to improper handling of uploaded plugin archives. An attacker with administrative privileges can upload a m
A vulnerability allowing remote code execution (RCE) for domain users.
A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially le
A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publi
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user
An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validation of uploaded content and destination in SOAP admin services. A malicious actor with administrative
A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.
Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method
An authenticated remote code execution vulnerability exists in Piwik (now Matomo) versions prior to 3.0.3 via the plugin upload mechanism. In vulnerable versions, an authenticated user with Superuser
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
Page 1+ Next →