Total: 3867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-28223 | 1 Tekon | 16 Kio, Kio-1m, Kio-1m Firmware and 13 more | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL | Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin. |
| CVE-2022-28120 | 1 Rainier | 1 Open Virtual Simulation Experiment Teaching Management Platform | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server. |
| CVE-2022-28104 | 2 Apple, Foxit | 2 Iphone Os, Pdf Editor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability. |
| CVE-2022-28062 | 1 Online Car Rental System Project | 1 Online Car Rental System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code. |
| CVE-2022-28053 | 1 Typemill | 1 Typemill | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-28021 | 1 Purchase Order Management System Project | 1 Purchase Order Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /purchase_order/admin/?page=user. |
| CVE-2022-27952 | 1 Payloadcms | 1 Payload | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file. |
| CVE-2022-27862 | 1 Vikwp | 1 Vikbooking Hotel Booking Engine & Property Management System Plugin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form. |
| CVE-2022-27478 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin. |
| CVE-2022-27477 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit. |
| CVE-2022-27468 | 1 Monstaftp | 1 Monsta Ftp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server. |
| CVE-2022-27435 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component. |
| CVE-2022-27357 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-27352 | 1 Simple House Rental System Project | 1 Simple House Rental System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-27351 | 1 Phpgurukul | 1 Zoo Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-27349 | 1 Socialcodia | 1 Social Codia Sms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-27346 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Ecommerce-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-27263 | 1 Strapi | 1 Strapi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2022-27262 | 1 Sailsjs | 1 Skipper | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2022-27261 | 1 Express-fileupload Project | 1 Express-fileupload | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH | An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. |
| CVE-2022-27260 | 1 Buttercms | 1 Buttercms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file. |
| CVE-2022-27249 | 1 Idearespa | 1 Reftree | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource. |
| CVE-2022-27140 | 1 Express-fileupload Project | 1 Express-fileupload | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload middleware is not responsible for an application's business logic (e.g., determining whether or how a file should be renamed). |
| CVE-2022-27139 | 1 Ghost | 1 Ghost | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploading of SVG files to Ghost does not represent a remote code execution vulnerability. SVGs are not executable on the server, and may only execute javascript in a client's browser - this is expected and inten ... |
| CVE-2022-27131 | 1 Zbzcms | 1 Zbzcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-27129 | 1 Zbzcms | 1 Zbzcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-27115 | 2 Microsoft, Std42 | 2 Windows, Elfinder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload. |
| CVE-2022-27064 | 1 Musical World Project | 1 Musical World | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-27061 | 1 Aerocms Project | 1 Aerocms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-27047 | 1 Moguit | 1 Mogu Blog Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | mogu_blog_cms 5.2 allows arbitrary files to be uploaded without any limitation. |
| CVE-2022-26965 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. |
| CVE-2022-26630 | 1 Jellycms | 1 Jellycms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php. |
| CVE-2022-26627 | 1 Online Project Time Management System Project | 1 Online Project Time Management System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file. |
| CVE-2022-26619 | 1 Halo | 1 Halo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. |
| CVE-2022-26607 | 1 Baigo | 1 Baigo Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2022-26605 | 1 Dascomsoft | 1 Eziosuite | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality. |
| CVE-2022-26521 | 1 Abantecart | 1 Abantecart | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type). |
| CVE-2022-26149 | 1 Modx | 1 Revolution | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator. |
| CVE-2022-25602 | 1 Expresstech | 1 Responsive Menu | 2024-11-21 | 6.5 MEDIUM | 8.3 HIGH | Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). |
| CVE-2022-25581 | 1 Classcms | 1 Classcms | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH | Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file. |