Total
3653 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6127 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 5.4 Medium |
| Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | ||||
| CVE-2023-5965 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 9.1 Critical |
| An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution. | ||||
| CVE-2023-5931 | 1 Rtcamp | 1 Rtmedia | 2024-11-21 | 8.8 High |
| The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files such as PHP on the server | ||||
| CVE-2023-5829 | 1 Admission Management System Project | 1 Admission Management System | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in code-projects Admission Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file student_avatar.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243728. | ||||
| CVE-2023-5822 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2024-11-21 | 8.1 High |
| The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if a user authorized to edit form, which means editor privileges or above, has added a 'multiple file upload' form field with '*' acceptable file types. | ||||
| CVE-2023-5812 | 1 Flusity | 1 Flusity | 2024-11-21 | 4.7 Medium |
| A vulnerability has been found in flusity CMS and classified as critical. Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-243643. | ||||
| CVE-2023-5796 | 1 Martmbithi | 1 Pos System | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in CodeAstro POS System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /setting of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-243602 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-5795 | 1 Martmbithi | 1 Pos System | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in CodeAstro POS System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profil of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243601 was assigned to this vulnerability. | ||||
| CVE-2023-5790 | 1 Remyandrade | 1 File Manager App | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595. | ||||
| CVE-2023-5673 | 1 Wpvibes | 1 Wp Mail Log | 2024-11-21 | 8.8 High |
| The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution. | ||||
| CVE-2023-5637 | 1 Arslansoft Education Portal Project | 1 Arslansoft Education Portal | 2024-11-21 | 7.5 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable.This issue affects Education Portal: before v1.1. | ||||
| CVE-2023-5636 | 1 Arslansoft Education Portal Project | 1 Arslansoft Education Portal | 2024-11-21 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection.This issue affects Education Portal: before v1.1. | ||||
| CVE-2023-5524 | 1 M-files | 1 Web Companion | 2024-11-21 | 8.2 High |
| Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file types | ||||
| CVE-2023-5493 | 1 Byzoro | 2 Smart S45f, Smart S45f Firmware | 2024-11-21 | 6.3 Medium |
| A vulnerability has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241645 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5492 | 1 Byzoro | 2 Smart S45f, Smart S45f Firmware | 2024-11-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Affected is an unknown function of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241644. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5490 | 1 Byzoro | 2 Smart S45f, Smart S45f Firmware | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This vulnerability affects unknown code of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-241642 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5489 | 1 Byzoro | 2 Smart S45f, Smart S45f Firmware | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This affects an unknown part of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241641 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5488 | 1 Byzoro | 2 Smart S45f, Smart S45f Firmware | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241640. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5284 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file upload_save_student.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240912. | ||||
| CVE-2023-5262 | 1 Openrapid | 1 Rapidcms | 2024-11-21 | 6.3 Medium |
| A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. Affected by this vulnerability is the function isImg of the file /admin/config/uploadicon.php. The manipulation of the argument fileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240871. | ||||