Total
3006 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40721 | 1 Creativedream File Uploader Project | 1 Creativedream File Uploader | 2024-11-21 | N/A | 9.8 CRITICAL |
| Arbitrary file upload vulnerability in php uploader | |||||
| CVE-2022-40471 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php | |||||
| CVE-2022-40432 | 1 D8s-strings Project | 1 D8s-strings | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0. | |||||
| CVE-2022-40431 | 1 D8s-pdfs Project | 1 D8s-pdfs | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | |||||
| CVE-2022-40407 | 1 Chamilo | 1 Chamilo | 2024-11-21 | N/A | 8.8 HIGH |
| A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file. | |||||
| CVE-2022-40341 | 1 Mojoportal | 1 Mojoportal | 2024-11-21 | N/A | 8.8 HIGH |
| mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file. | |||||
| CVE-2022-40087 | 1 Simple College Website Project | 1 Simple College Website | 2024-11-21 | N/A | 9.8 CRITICAL |
| Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-40050 | 1 Zfile | 1 Zfile | 2024-11-21 | N/A | 9.8 CRITICAL |
| ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1. | |||||
| CVE-2022-40048 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 7.2 HIGH |
| Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function. | |||||
| CVE-2022-3944 | 1 Erp Project | 1 Erp | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451. | |||||
| CVE-2022-3771 | 1 Easyiicms | 1 Easyiicms | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability. | |||||
| CVE-2022-3682 | 1 Hitachienergy | 1 Sdm600 | 2024-11-21 | N/A | 9.9 CRITICAL |
| A vulnerability exists in the SDM600 file permission validation. An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:* | |||||
| CVE-2022-3575 | 1 Frauscher | 1 Frauscher Diagnostic System 102 | 2024-11-21 | N/A | 9.8 CRITICAL |
| Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device. | |||||
| CVE-2022-3552 | 1 Boxbilling | 1 Boxbilling | 2024-11-21 | N/A | 7.2 HIGH |
| Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1. | |||||
| CVE-2022-3549 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | N/A | 4.7 MEDIUM |
| A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /csms/admin/?page=user/manage_user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211049 was assigned to this vulnerability. | |||||
| CVE-2022-3537 | 1 Addify | 1 Role Based Pricing For Woocommerce | 2024-11-21 | N/A | 8.8 HIGH |
| The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP | |||||
| CVE-2022-3458 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.php of the component Image File Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210559. | |||||
| CVE-2022-3436 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210367. | |||||
| CVE-2022-3257 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | N/A | 3.1 LOW |
| Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service. | |||||
| CVE-2022-3129 | 1 Online Driving School Project Project | 1 Online Driving School Project | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in codeprojects Online Driving School. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registration.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-207872. | |||||