Total
3925 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14840 | 1 Teamworktec | 1 Ticketplus | 2025-04-20 | N/A |
| TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. | ||||
| CVE-2017-8080 | 1 Atlassian | 1 Hipchat Server | 2025-04-20 | N/A |
| Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. | ||||
| CVE-2017-11756 | 1 Earcms | 1 Ear Music | 2025-04-20 | N/A |
| In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code. | ||||
| CVE-2017-11466 | 1 Dotcms | 1 Dotcms | 2025-04-20 | N/A |
| Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI. | ||||
| CVE-2017-11405 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | N/A |
| In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file. | ||||
| CVE-2017-11326 | 1 Tilde Cms Project | 1 Tilde Cms | 2025-04-20 | N/A |
| An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation. | ||||
| CVE-2017-15580 | 1 Osticket | 1 Osticket | 2025-04-20 | N/A |
| osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content. | ||||
| CVE-2017-1002016 | 1 Flickr Picture Backup Project | 1 Flickr Picture Backup | 2025-04-20 | 9.8 Critical |
| Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files. | ||||
| CVE-2017-1002008 | 1 Membership Simplified Project | 1 Membership Simplified | 2025-04-20 | 9.8 Critical |
| Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges. | ||||
| CVE-2017-1002002 | 1 Webapp-builder Project | 1 Webapp-builder | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/ | ||||
| CVE-2017-1000194 | 1 Octobercms | 1 October | 2025-04-20 | N/A |
| October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server. | ||||
| CVE-2017-1000119 | 1 Octobercms | 1 October | 2025-04-20 | N/A |
| October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server. | ||||
| CVE-2017-17727 | 1 Dedecms | 1 Dedecms | 2025-04-20 | N/A |
| DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php. | ||||
| CVE-2015-9228 | 1 Imagely | 1 Nextgen Gallery | 2025-04-20 | N/A |
| In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. | ||||
| CVE-2016-8973 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2025-04-20 | N/A |
| IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960. | ||||
| CVE-2017-17874 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2025-04-20 | N/A |
| Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI. | ||||
| CVE-2016-8921 | 1 Ibm | 1 Filenet Workplace Xt | 2025-04-20 | N/A |
| IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | ||||
| CVE-2017-1000238 | 1 Invoiceplane | 1 Invoiceplane | 2025-04-20 | N/A |
| InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver. | ||||
| CVE-2020-22539 | 2 Codoforum, Codologic | 2 Codoforum, Codoforum | 2025-04-18 | 7.2 High |
| An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-32161 | 1 Jizhicms | 1 Jizhicms | 2025-04-18 | 9.8 Critical |
| jizhiCMS 2.5 suffers from a File upload vulnerability. | ||||