Total
3006 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12150 | 1 Karamasoft | 1 Ultimateeditor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted). The attacker must use the Attach icon to perform an upload. An uploaded file is accessible under the UltimateEditorInclude/UserFiles/ URI. | |||||
| CVE-2019-12099 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload. | |||||
| CVE-2019-11887 | 1 Simplybook | 1 Simplybook | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution. | |||||
| CVE-2019-11807 | 1 Visser | 1 Woocommerce Checkout Manager | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopriv_ registration and a lack of capabilities checks. | |||||
| CVE-2019-11655 | 1 Hp | 1 Arcsight Logger | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type. | |||||
| CVE-2019-11615 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| /fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. A remote normal registered user can use this vulnerability to upload backdoor files to control the server. | |||||
| CVE-2019-11568 | 1 Aikcms | 1 Aikcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type. | |||||
| CVE-2019-11447 | 1 Cutephp | 1 Cutenews | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.) | |||||
| CVE-2019-11446 | 1 Atutor | 1 Atutor | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase (and thus .phP is a bypass), and omits .shtml and .phtml. | |||||
| CVE-2019-11445 | 1 Openkm | 1 Openkm | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Filesystem path control in the admin's Export field. As a result, attackers can gain remote code execution through the application server with root privileges. | |||||
| CVE-2019-11401 | 1 Siteserver | 1 Siteserver Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted. | |||||
| CVE-2019-11377 | 1 Wcms | 1 Wcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function. | |||||
| CVE-2019-11344 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked. | |||||
| CVE-2019-11223 | 1 Supportcandy | 1 Supportcandy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | |||||
| CVE-2019-11216 | 1 Bmc | 1 Remedy Smart Reporting | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed. | |||||
| CVE-2019-11185 | 1 3cx | 1 Live Chat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file extension, and prepending "magic bytes" to the payload to pass MIME checks. Specifically, an unauthenticated remote user submits a crafted file upload POST request to the REST api remote_upload endpoint. The file contains data that will fool the plugin's MIME check into classifying it as an image (which is a whitelisted file extension) and finally a trailing .phtml file extension. | |||||
| CVE-2019-11074 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges (although not controlling the contents of such files) due to insufficient sanitisation when passing arguments to the phantomjs.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Full Web Page Sensor and set specific settings when executing the sensor. | |||||
| CVE-2019-11031 | 1 Mirasys | 1 Mirasys Vms | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges. | |||||
| CVE-2019-11028 | 1 Gatship | 1 Web Module | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx". | |||||
| CVE-2019-11021 | 1 Schlix | 1 Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. NOTE: "While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's pretty rare for an administrator to exploit a bug on his/her own site to own his/her own site. | |||||