Total
3006 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4159 | 1 Omeka | 1 Omeka S | 2024-11-21 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3. | |||||
| CVE-2023-4122 | 1 Imsurajghosh | 1 Student Information System | 2024-11-21 | N/A | 9.9 CRITICAL |
| Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | |||||
| CVE-2023-4121 | 1 Byzoro | 1 Smart S85f | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230722. It has been classified as critical. Affected is an unknown function. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235968. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-4097 | 1 Qsige | 1 Qsige | 2024-11-21 | N/A | 8.8 HIGH |
| The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username. | |||||
| CVE-2023-49815 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3. | |||||
| CVE-2023-49814 | 1 Symbiostock | 1 Symbiostock | 2024-11-21 | N/A | 9.1 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Symbiostock symbiostock.This issue affects Symbiostock: from n/a through 6.0.0. | |||||
| CVE-2023-49715 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 4.3 MEDIUM |
| A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
| CVE-2023-49052 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 8.8 HIGH |
| File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component. | |||||
| CVE-2023-48966 | 1 Thinkadmin | 1 Thinkadmin | 2024-11-21 | N/A | 8.8 HIGH |
| An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file. | |||||
| CVE-2023-48965 | 1 Thinkadmin | 1 Thinkadmin | 2024-11-21 | N/A | 8.8 HIGH |
| An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file. | |||||
| CVE-2023-48930 | 1 Rockoa | 1 Xinhu | 2024-11-21 | N/A | 9.8 CRITICAL |
| xinhu xinhuoa 2.2.1 contains a File upload vulnerability. | |||||
| CVE-2023-48394 | 1 Kaifa | 1 Webitr Attendance System | 2024-11-21 | N/A | 8.8 HIGH |
| Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service. | |||||
| CVE-2023-48376 | 1 Csharp | 1 Cws Collaborative Development Platform | 2024-11-21 | N/A | 9.8 CRITICAL |
| SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service. | |||||
| CVE-2023-48371 | 1 Itpison | 1 Omicard Edm | 2024-11-21 | N/A | 9.8 CRITICAL |
| ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. | |||||
| CVE-2023-48275 | 2024-11-21 | N/A | 8.0 HIGH | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.This issue affects Widgets for Google Reviews: from n/a through 11.0.2. | |||||
| CVE-2023-48217 | 1 Statamic | 1 Statamic | 2024-11-21 | N/A | 8.8 HIGH |
| Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fields in the control panel. Malicious users could leverage this vulnerability to upload and execute code. This issue has been patched in versions 3.4.14 and 4.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-48031 | 1 Opensupports | 1 Opensupports | 2024-11-21 | N/A | 9.8 CRITICAL |
| OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation. | |||||
| CVE-2023-47842 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0. | |||||
| CVE-2023-47784 | 1 Themepunch | 1 Slider Revolution | 2024-11-21 | N/A | 8.4 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a through 6.6.15. | |||||
| CVE-2023-47706 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2024-11-21 | N/A | 6.6 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341. | |||||