Total: 3035 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-29514 | 1 Lepton-cms | 1 Leptoncms | 2025-05-01 | 8.8 High |
File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attacker to execute arbitrary code via uploading a crafted PHP file. | ||||
CVE-2024-29515 | 1 Lepton-cms | 1 Leptoncms | 2025-05-01 | 8.8 High |
File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attacker to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php components. | ||||
CVE-2024-33120 | 2 Roothub, Roothub Project | 2 Roothub, Roothub | 2025-05-01 | 9.8 Critical |
Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file. | ||||
CVE-2022-43146 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-01 | 7.2 High |
An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-43074 | 1 Ayacms Project | 1 Ayacms | 2025-05-01 | 9.8 Critical |
AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2024-39865 | 1 Siemens | 1 Sinema Remote Connect Server | 2025-05-01 | 8.8 High |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker with access to the backup encryption key to upload malicious files, that could potentially lead to remote code execution. | ||||
CVE-2024-28418 | 1 Webedition | 1 Webedition Cms | 2025-04-30 | 6.5 Medium |
Webedition CMS 9.2.2.0 has a file upload vulnerability via /webEdition/we_cmd.php. | ||||
CVE-2018-15573 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | 8.8 High |
An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated "We do not consider this a vulnerability." | ||||
CVE-2025-3969 | 1 Code-projects | 1 News Publishing Site Dashboard | 2025-04-30 | 6.3 Medium |
A vulnerability was found in codeprojects News Publishing Site Dashboard 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit-category.php of the component Edit Category Page. The manipulation of the argument category_image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-3830 | 1 Kuangstudy | 1 Kuangsimplebbs | 2025-04-30 | 6.3 Medium |
A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-25846 | 1 Simpleimportproduct Project | 1 Simpleimportproduct | 2025-04-30 | 9.1 Critical |
In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php. | ||||
CVE-2024-42767 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 7.2 High |
Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. | ||||
CVE-2024-29368 | 1 Mozilo | 1 Mozilocms | 2025-04-30 | 6.5 Medium |
An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content. | ||||
CVE-2024-42991 | 1 Mingsoft | 1 Mcms | 2025-04-30 | 8.1 High |
MCMS v5.4.1 has a front-end file upload vulnerability which can lead to remote command execution. | ||||
CVE-2025-29017 | 1 Codeastro | 1 Internet Banking System | 2025-04-30 | 8.8 High |
A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter within pages_view_client.php. | ||||
CVE-2024-37762 | 1 Machform | 1 Machform | 2025-04-30 | 9.9 Critical |
MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to remote code execution. | ||||
CVE-2024-34833 | 1 Oretnom23 | 1 Payroll Management System | 2025-04-30 | 9.8 Critical |
Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as the user running the web server. | ||||
CVE-2022-43234 | 1 Hoosk | 1 Hoosk | 2025-04-30 | 9.8 Critical |
An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-43265 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-04-30 | 9.8 Critical |
An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2024-4349 | 1 Donbermoy | 1 Pisay Online E-learning System | 2025-04-29 | 7.3 High |
A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262489 was assigned to this vulnerability. |