Total: 3651 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27139 | 1 Ghost | 1 Ghost | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploading of SVG files to Ghost does not represent a remote code execution vulnerability. SVGs are not executable on the server, and may only execute JavaScript in a client's browser - this is expected and intentional functionality. | ||||
| CVE-2022-27131 | 1 Zbzcms | 1 Zbzcms | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-27129 | 1 Zbzcms | 1 Zbzcms | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-27115 | 2 Microsoft, Std42 | 2 Windows, Elfinder | 2024-11-21 | 9.8 Critical |
| In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload. | ||||
| CVE-2022-27064 | 1 Musical World Project | 1 Musical World | 2024-11-21 | 8.8 High |
| Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-27061 | 1 Aerocms Project | 1 Aerocms | 2024-11-21 | 7.2 High |
| AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-27047 | 1 Moguit | 1 Mogu Blog Cms | 2024-11-21 | 9.8 Critical |
| mogu_blog_cms 5.2 allows arbitrary files to be uploaded without any limitation. | ||||
| CVE-2022-26965 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 7.2 High |
| In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. | ||||
| CVE-2022-26630 | 1 Jellycms | 1 Jellycms | 2024-11-21 | 8.8 High |
| Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php. | ||||
| CVE-2022-26627 | 1 Online Project Time Management System Project | 1 Online Project Time Management System | 2024-11-21 | 8.8 High |
| Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file. | ||||
| CVE-2022-26619 | 1 Halo | 1 Halo | 2024-11-21 | 7.5 High |
| Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. | ||||
| CVE-2022-26607 | 1 Baigo | 1 Baigo Cms | 2024-11-21 | 7.2 High |
| A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2022-26605 | 1 Dascomsoft | 1 Eziosuite | 2024-11-21 | 8.8 High |
| eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality. | ||||
| CVE-2022-26521 | 1 Abantecart | 1 Abantecart | 2024-11-21 | 7.2 High |
| Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type). | ||||
| CVE-2022-26149 | 1 Modx | 1 Revolution | 2024-11-21 | 7.2 High |
| MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator. | ||||
| CVE-2022-25581 | 1 Classcms | 1 Classcms | 2024-11-21 | 7.8 High |
| Classcms v2.5 and below contains an arbitrary file upload vulnerability via the component \class\classupload. This vulnerability allows attackers to perform code injection via a crafted .txt file. | ||||
| CVE-2022-25495 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 9.8 Critical |
| The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-25487 | 1 Thedigitalcraft | 1 Atomcms | 2024-11-21 | 9.8 Critical |
| Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. | ||||
| CVE-2022-25411 | 1 Max-3000 | 1 Maxsite Cms | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-25360 | 1 Watchguard | 1 Fireware | 2024-11-21 | 8.8 High |
| WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | ||||