Total
3291 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30821 | 1 Wedding Management System Project | 1 Wedding Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file. | |||||
| CVE-2022-30820 | 1 Wedding Management System Project | 1 Wedding Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file. | |||||
| CVE-2022-30819 | 1 Wedding Management System Project | 1 Wedding Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file. | |||||
| CVE-2022-30808 | 1 Elitecms | 1 Elite Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. | |||||
| CVE-2022-30506 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. | |||||
| CVE-2022-30448 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php. | |||||
| CVE-2022-30423 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. | |||||
| CVE-2022-30216 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2016 and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Windows Server Service Tampering Vulnerability | |||||
| CVE-2022-30007 | 1 Gxcms Project | 1 Gxcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control the server. | |||||
| CVE-2022-2909 | 1 Simple And Nice Shopping Cart Script Project | 1 Simple And Nice Shopping Cart Script | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206845 was assigned to this vulnerability. | |||||
| CVE-2022-2872 | 1 Octoprint | 1 Octoprint | 2024-11-21 | N/A | 5.4 MEDIUM |
| Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3. | |||||
| CVE-2022-2804 | 1 Phpgurukul | 1 Zoo Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Zoo Management System. It has been classified as critical. Affected is an unknown function of the file /pages/apply_vacancy.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-206250 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-2791 | 1 Emerson | 1 Proficy | 2024-11-21 | N/A | 5.9 MEDIUM |
| Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC. | |||||
| CVE-2022-2779 | 1 Gas Agency Management System Project | 1 Gas Agency Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability classified as critical was found in SourceCodester Gas Agency Management System. Affected by this vulnerability is an unknown functionality of the file /gasmark/assets/myimages/oneWord.php. The manipulation of the argument shell leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206173 was assigned to this vulnerability. | |||||
| CVE-2022-2751 | 1 Company Website Cms Project | 1 Company Website Cms | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/add-portfolio.php. The manipulation of the argument ufile leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206024. | |||||
| CVE-2022-2750 | 1 Company Website Cms Project | 1 Company Website Cms | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS. Affected is an unknown function of the file /dashboard/add-service.php of the component Add Service Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-206022 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-2749 | 1 Gym Management System Project | 1 Gym Management System | 2024-11-21 | N/A | 4.7 MEDIUM |
| A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/index.php?view_exercises. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206017 was assigned to this vulnerability. | |||||
| CVE-2022-2746 | 1 Simple Online Book Store System Project | 1 Simple Online Book Store System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. This vulnerability affects unknown code of the file Admin_ add.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-206014 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-2744 | 1 Gym Management System Project | 1 Gym Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality of the file /admin/add_exercises.php of the component Background Management. The manipulation of the argument exer_img leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206012. | |||||
| CVE-2022-2740 | 1 Company Website Cms Project | 1 Company Website Cms | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Company Website CMS. It has been declared as critical. This vulnerability affects unknown code of the file /dashboard/add-blog.php of the component Add Blog. The manipulation of the argument ufile leads to unrestricted upload. The attack can be initiated remotely. VDB-205882 is the identifier assigned to this vulnerability. | |||||