Total
3291 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-4436 | 1 Wp3dprinting | 1 3dprint Lite | 2024-11-21 | N/A | 9.8 CRITICAL |
| The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache. | |||||
| CVE-2021-4382 | 1 Recently Project | 1 Recently | 2024-11-21 | N/A | 8.8 HIGH |
| The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. This makes it possible for authenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2021-4354 | 1 Magazine3 | 1 Pwa For Wp \& Amp | 2024-11-21 | N/A | 8.8 HIGH |
| The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | |||||
| CVE-2021-4225 | 2 Microsoft, Smartypantsplugins | 2 Windows, Sp Project \& Document Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites. | |||||
| CVE-2021-4096 | 1 Radykal | 1 Fancy Product Designer | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5. | |||||
| CVE-2021-4080 | 1 Craterapp | 1 Crater | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| crater is vulnerable to Unrestricted Upload of File with Dangerous Type | |||||
| CVE-2021-46428 | 1 Simple Chatbot Application Project | 1 Simple Chatbot Application | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 ( and previous versions via the bot_avatar parameter in SystemSettings.php. | |||||
| CVE-2021-46386 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload. | |||||
| CVE-2021-46367 | 1 Ritecms | 1 Ritecms | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default. | |||||
| CVE-2021-46360 | 1 Ocproducts | 1 Composr | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr. | |||||
| CVE-2021-46116 | 1 Jpress | 1 Jpress | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code. | |||||
| CVE-2021-46115 | 1 Jpress | 1 Jpress | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code. | |||||
| CVE-2021-46113 | 1 Kea-hotel-erp Project | 1 Kea-hotel-erp | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service. | |||||
| CVE-2021-46097 | 1 Dolphinphp | 1 Dolphinphp | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php#action_log | |||||
| CVE-2021-46079 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to Html Injection. | |||||
| CVE-2021-46078 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability. | |||||
| CVE-2021-46076 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious php file in multiple endpoints it leading to Code Execution. | |||||
| CVE-2021-46036 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code. | |||||
| CVE-2021-46033 | 1 Forestblog Project | 1 Forestblog | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In ForestBlog, as of 2021-12-28, File upload can bypass verification. | |||||
| CVE-2021-46013 | 1 Free School Management Software Project | 1 Free School Management Software | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "<?php system($_GET["cmd"]); ?>" gets uploaded it is saved into /uploads/exam_question/ directory, and is accessible by all users. | |||||