Total
3867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3129 | 1 Online Driving School Project Project | 1 Online Driving School Project | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability was found in codeprojects Online Driving School. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registration.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-207872.
|
|||||
| CVE-2022-3125 | 1 Najeebmedia | 1 Frontend File Manager | 2024-11-21 | N/A | 8.8 HIGH |
|
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE
|
|||||
| CVE-2022-39305 | 1 Gin-vue-admin Project | 1 Gin-vue-admin | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd5 and fileName parameters, resulting in an arbitrary file being read. This issue is patched in 2.5.4b. There are no known workarounds.
|
|||||
| CVE-2022-39301 | 1 Sra-admin Project | 1 Sra-admin | 2024-11-21 | N/A | 8.2 HIGH |
|
sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background, an attacker can upload an html page containing xss attack code in "Personal Center" - "Profile Picture Upload" allowing theft of the user's personal information. This issue has been patched in 1.1.2. There are no known workarounds.
|
|||||
| CVE-2022-39036 | 1 Flowring | 1 Agentflow | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service.
|
|||||
| CVE-2022-39019 | 1 M-files | 1 Hubshare | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server.
|
|||||
| CVE-2022-38886 | 1 D8s-xml Project | 1 D8s-xml | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
|
|||||
| CVE-2022-38885 | 1 D8s-netstrings Project | 1 D8s-netstrings | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
|
|||||
| CVE-2022-38884 | 1 D8s-grammars Project | 1 D8s-grammars | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
|
|||||
| CVE-2022-38883 | 1 D8s-math Project | 1 D8s-math | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
|
|||||
| CVE-2022-38882 | 1 D8s-json Project | 1 D8s-json | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
|
|||||
| CVE-2022-38881 | 1 D8s-archives Project | 1 D8s-archives | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
|
|||||
| CVE-2022-38843 | 1 Espocrm | 1 Espocrm | 2024-11-21 | N/A | 8.8 HIGH |
|
EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.
|
|||||
| CVE-2022-38323 | 1 Event Management System Project | 1 Event Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
|
|||||
| CVE-2022-38305 | 1 Aerocms Project | 1 Aerocms | 2024-11-21 | N/A | 8.8 HIGH |
|
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
|
|||||
| CVE-2022-38296 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.
|
|||||
| CVE-2022-38140 | 1 Squirrly | 1 Seo Plugin By Squirrly Seo | 2024-11-21 | N/A | 7.6 HIGH |
|
Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress.
|
|||||
| CVE-2022-37426 | 2 Linux, Opennebula | 2 Linux Kernel, Opennebula | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection.
|
|||||
| CVE-2022-37184 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file.
|
|||||
| CVE-2022-37181 | 1 72crm | 1 Wukong Crm | 2024-11-21 | N/A | 9.8 CRITICAL |
|
72crm 9.0 has an Arbitrary file upload vulnerability.
|
|||||
| CVE-2022-37159 | 1 Claroline | 1 Claroline | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload.
|
|||||
| CVE-2022-37140 | 1 Techvill | 1 Paymoney | 2024-11-21 | N/A | 8.0 HIGH |
|
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file.
|
|||||
| CVE-2022-36769 | 2 Ibm, Redhat | 2 Cloud Pak For Data, Openshift | 2024-11-21 | N/A | 7.2 HIGH |
|
IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.
|
|||||
| CVE-2022-36667 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE.
|
|||||
| CVE-2022-36582 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
|
|||||
| CVE-2022-36580 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | N/A | 7.2 HIGH |
|
An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file.
|
|||||
| CVE-2022-36557 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file.
|
|||||
| CVE-2022-36285 | 1 Uploading Svg\, Webp And Ico Files Project | 1 Uploading Svg\, Webp And Ico Files | 2024-11-21 | N/A | 7.2 HIGH |
|
Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.
|
|||||
| CVE-2022-36264 | 1 Airspan | 2 Airspot 5410, Airspot 5410 Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
|
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and append a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file.
|
|||||
| CVE-2022-36066 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 9.1 CRITICAL |
|
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.
|
|||||
| CVE-2022-35426 | 1 Ucms Project | 1 Ucms | 2024-11-21 | N/A | 9.8 CRITICAL |
|
UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file.
|
|||||
| CVE-2022-35150 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Baijicms v4 was discovered to contain an arbitrary file upload vulnerability.
|
|||||
| CVE-2022-34971 | 1 Feehi | 1 Feehi Cms | 2024-11-21 | N/A | 8.8 HIGH |
|
An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file.
|
|||||
| CVE-2022-34965 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | N/A | 7.2 HIGH |
|
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this is intended behavior of the application as it only allows authenticated admins to upload files.
|
|||||
| CVE-2022-34613 | 1 Mealie Project | 1 Mealie | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file.
|
|||||
| CVE-2022-34578 | 1 Opensourcepos | 1 Open Source Point Of Sale | 2024-11-21 | N/A | 7.2 HIGH |
|
Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page.
|
|||||
| CVE-2022-34549 | 1 Sims Project | 1 Sims | 2024-11-21 | N/A | 8.8 HIGH |
|
Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file.
|
|||||
| CVE-2022-34496 | 1 Hiby | 4 Hiby R3 Pro, Hiby R3 Pro Firmware, Hiby R3 Pro Saber and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature.
|
|||||
| CVE-2022-34120 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
Barangay Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the module editing function at /pages/activity/activity.php.
|
|||||
| CVE-2022-34024 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
Barangay Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the resident module editing function at /bmis/pages/resident/resident.php.
|
|||||