Total
2929 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4825 | 2024-11-21 | 9.8 Critical | ||
| A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure. | ||||
| CVE-2024-4306 | 2024-11-21 | 9.9 Critical | ||
| Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution. | ||||
| CVE-2024-49314 | 1 Zhuige | 1 Jiangqie Free Mini Program | 2024-11-21 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in 酱茄 JiangQie Free Mini Program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through 2.5.2. | ||||
| CVE-2024-45171 | 1 Za-internet | 1 C-mor Video Surveillance | 2024-11-21 | 8.8 High |
| An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup files allows an authenticated user to upload arbitrary files. The only condition is that the filename contains a .cbkf string. Therefore, webshell.cbkf.php is considered a valid file name for the C-MOR web application. Uploaded files are stored within the directory "/srv/www/backups" on the C-MOR system, and can thus be accessed via the URL https://<HOST>/backup/upload_<FILENAME>. Due to broken access control, low-privileged authenticated users can also use this file upload functionality. | ||||
| CVE-2024-42054 | 1 Cervantessec | 1 Cervantes | 2024-11-21 | 5.4 Medium |
| Cervantes through 0.5-alpha accepts insecure file uploads. | ||||
| CVE-2024-40553 | 1 Mini | 1 Mini-tmall | 2024-11-21 | 4.9 Medium |
| Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload via the component uploadUserHeadImage. | ||||
| CVE-2024-40551 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 6.2 Medium |
| An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-40550 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 8.8 High |
| An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-40548 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 8.8 High |
| An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-40546 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 8.8 High |
| An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-40545 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 7.2 High |
| An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-40425 | 1 Nanjing Xingyuantu Technology | 1 Sparkshop | 2024-11-21 | 9.8 Critical |
| File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component. | ||||
| CVE-2024-40400 | 1 Automad | 1 Automad | 2024-11-21 | 8.8 High |
| An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2024-40394 | 1 Sourcecodester | 1 Simple Library Management System | 2024-11-21 | 9.8 Critical |
| Simple Library Management System Project Using PHP/MySQL v1.0 was discovered to contain an arbitrary file upload vulnerability via the component ajax.php. | ||||
| CVE-2024-40318 | 1 Webkul | 1 Qloapps | 2024-11-21 | 7.2 High |
| An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-3912 | 2024-11-21 | 9.8 Critical | ||
| Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device. | ||||
| CVE-2024-3804 | 2024-11-21 | 6.3 Medium | ||
| A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408. This issue affects some unknown processing of the file /Public/webuploader/0.1.5/server/fileupload2.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-3803 | 2024-11-21 | 6.3 Medium | ||
| A vulnerability classified as critical was found in Vesystem Cloud Desktop up to 20240408. This vulnerability affects unknown code of the file /Public/webuploader/0.1.5/server/fileupload.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-3778 | 2024-11-21 | 7.2 High | ||
| The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code. | ||||
| CVE-2024-3736 | 2024-11-21 | 4.3 Medium | ||
| A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260575. | ||||