Total: 3867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51473 | 1 Pixelemu | 1 Terraclassifieds | 2024-11-21 | N/A | 10.0 CRITICAL |
|
Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin. This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3.
|
|||||
| CVE-2023-51468 | 1 Boiteasite | 1 Download Rencontre - Dating Site | 2024-11-21 | N/A | 10.0 CRITICAL |
|
Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site: from n/a through 3.10.1.
|
|||||
| CVE-2023-51421 | 1 Soft8soft | 1 Verge3d | 2024-11-21 | N/A | 9.9 CRITICAL |
|
Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.
|
|||||
| CVE-2023-51419 | 1 Bertha | 1 Bertha Ai | 2024-11-21 | N/A | 10.0 CRITICAL |
|
Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome. This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through 1.11.10.7.
|
|||||
| CVE-2023-51417 | 1 Jorisvm | 1 Jvm Gutenberg Rich Text Icons | 2024-11-21 | N/A | 9.9 CRITICAL |
|
Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons. This issue affects JVM Gutenberg Rich Text Icons: from n/a through 1.2.3.
|
|||||
| CVE-2023-51412 | 1 Piotnet | 1 Piotnet Forms | 2024-11-21 | N/A | 9.0 CRITICAL |
|
Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.25.
|
|||||
| CVE-2023-51411 | 1 Dynamiapps | 1 Frontend Admin | 2024-11-21 | N/A | 10.0 CRITICAL |
|
Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps. This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3.
|
|||||
| CVE-2023-51410 | 1 Wpvibes | 1 Wp Mail Log | 2024-11-21 | N/A | 9.9 CRITICAL |
|
Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log. This issue affects WP Mail Log: from n/a through 1.1.2.
|
|||||
| CVE-2023-51034 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface.
|
|||||
| CVE-2023-50760 | 1 Kashipara | 1 Online Notice Board System | 2024-11-21 | N/A | 8.8 HIGH |
|
Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.
|
|||||
| CVE-2023-50729 | 1 Traccar | 1 Traccar | 2024-11-21 | N/A | 8.4 HIGH |
|
Traccar is an open source GPS tracking system. Prior to 5.11, Traccar is affected by an unrestricted file upload vulnerability in the File feature that allows attackers to execute arbitrary code on the server. This vulnerability is more prevalent because Traccar is recommended to run web servers as root user. It is also more dangerous because it can write or overwrite files in arbitrary locations. Version 5.11 was published to fix this vulnerability.
|
|||||
| CVE-2023-50564 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | N/A | 8.8 HIGH |
|
An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.
|
|||||
| CVE-2023-50104 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A | 9.8 CRITICAL |
|
ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code.
|
|||||
| CVE-2023-50038 | 1 Textpattern | 1 Textpattern | 2024-11-21 | N/A | 8.8 HIGH |
|
There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions.
|
|||||
| CVE-2023-4988 | 1 Laiketui | 1 Laiketui | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-239799.
|
|||||
| CVE-2023-4817 | 1 Icpdas | 2 Et-7060, Et-7060 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
|
This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device.
|
|||||
| CVE-2023-4739 | 1 Byzoro | 2 Smart S85f, Smart S85f Firmware | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in Byzoro Smart S85F Management Platform up to 20230820. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238628. NOTE: The vendor was contacted early about this disclosure ...
|
|||||
| CVE-2023-4559 | 1 Laiketui | 1 Laiketui | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulner ...
|
|||||
| CVE-2023-4409 | 1 Happysoft | 1 Nbs&happysoftwechat | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in NBS&HappySoftWeChat 1.1.6. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237512.
|
|||||
| CVE-2023-4311 | 1 Maurice | 1 Vrm360 | 2024-11-21 | N/A | 8.8 HIGH |
|
The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode.
|
|||||
| CVE-2023-4243 | 1 Full | 1 Full - Customer | 2024-11-21 | N/A | 8.8 HIGH |
|
The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing plugins from arbitrary remote locations including non-repository sources onto the site, granted they are packaged as a valid WordPress plugin.
|
|||||
| CVE-2023-4226 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | N/A | 8.8 HIGH |
|
Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
|
|||||
| CVE-2023-4225 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | N/A | 8.8 HIGH |
|
Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
|
|||||
| CVE-2023-4224 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | N/A | 8.8 HIGH |
|
Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
|
|||||
| CVE-2023-4223 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | N/A | 8.8 HIGH |
|
Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
|
|||||
| CVE-2023-4220 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | N/A | 8.1 HIGH |
|
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
|
|||||
| CVE-2023-4186 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in SourceCodester Pharmacy Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_website.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236221 was assigned to this vulnerability.
|
|||||
| CVE-2023-4159 | 1 Omeka | 1 Omeka S | 2024-11-21 | N/A | 8.8 HIGH |
|
Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3.
|
|||||
| CVE-2023-4122 | 1 Imsurajghosh | 1 Student Information System | 2024-11-21 | N/A | 9.9 CRITICAL |
|
Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.
|
|||||
| CVE-2023-4121 | 1 Byzoro | 1 Smart S85f | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230722. It has been classified as critical. Affected is an unknown function. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235968. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-4097 | 1 Qsige | 1 Qsige | 2024-11-21 | N/A | 8.8 HIGH |
|
The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username.
|
|||||
| CVE-2023-49815 | | | 2024-11-21 | N/A | 10.0 CRITICAL |
|
Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress. This issue affects WappPress: from n/a through 5.0.3.
|
|||||
| CVE-2023-49814 | 1 Symbiostock | 1 Symbiostock | 2024-11-21 | N/A | 9.1 CRITICAL |
|
Unrestricted Upload of File with Dangerous Type vulnerability in Symbiostock symbiostock. This issue affects Symbiostock: from n/a through 6.0.0.
|
|||||
| CVE-2023-49052 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 8.8 HIGH |
|
File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.
|
|||||
| CVE-2023-48966 | 1 Thinkadmin | 1 Thinkadmin | 2024-11-21 | N/A | 8.8 HIGH |
|
An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file.
|
|||||
| CVE-2023-48965 | 1 Thinkadmin | 1 Thinkadmin | 2024-11-21 | N/A | 8.8 HIGH |
|
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file.
|
|||||
| CVE-2023-48930 | 1 Rockoa | 1 Xinhu | 2024-11-21 | N/A | 9.8 CRITICAL |
|
xinhu xinhuoa 2.2.1 contains a File upload vulnerability.
|
|||||
| CVE-2023-48394 | 1 Kaifa | 1 Webitr Attendance System | 2024-11-21 | N/A | 8.8 HIGH |
|
Kaifa Technology WebITR is an online attendance system; its file uploading function does not restrict upload of file with dangerous type. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.
|
|||||
| CVE-2023-48376 | 1 Csharp | 1 Cws Collaborative Development Platform | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SmartStar Software CWS is a web-based integration platform; its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.
|
|||||
| CVE-2023-48371 | 1 Itpison | 1 Omicard Edm | 2024-11-21 | N/A | 9.8 CRITICAL |
|
ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.
|
|||||