Total
3244 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27061 | 1 Aerocms Project | 1 Aerocms | 2024-11-21 | 7.2 High |
| AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-27047 | 1 Moguit | 1 Mogu Blog Cms | 2024-11-21 | 9.8 Critical |
| mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation. | ||||
| CVE-2022-26965 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 7.2 High |
| In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. | ||||
| CVE-2022-26645 | 1 Banking System Project | 1 Banking System | 2024-11-21 | 9.8 Critical |
| A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. | ||||
| CVE-2022-26630 | 1 Jellycms | 1 Jellycms | 2024-11-21 | 8.8 High |
| Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php. | ||||
| CVE-2022-26627 | 1 Online Project Time Management System Project | 1 Online Project Time Management System | 2024-11-21 | 8.8 High |
| Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file. | ||||
| CVE-2022-26619 | 1 Halo | 1 Halo | 2024-11-21 | 7.5 High |
| Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. | ||||
| CVE-2022-26607 | 1 Baigo | 1 Baigo Cms | 2024-11-21 | 7.2 High |
| A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2022-26605 | 1 Dascomsoft | 1 Eziosuite | 2024-11-21 | 8.8 High |
| eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality. | ||||
| CVE-2022-26521 | 1 Abantecart | 1 Abantecart | 2024-11-21 | 7.2 High |
| Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type). | ||||
| CVE-2022-26149 | 1 Modx | 1 Revolution | 2024-11-21 | 7.2 High |
| MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator. | ||||
| CVE-2022-25581 | 1 Classcms | 1 Classcms | 2024-11-21 | 7.8 High |
| Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file. | ||||
| CVE-2022-25495 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 9.8 Critical |
| The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-25487 | 1 Thedigitalcraft | 1 Atomcms | 2024-11-21 | 9.8 Critical |
| Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. | ||||
| CVE-2022-25411 | 1 Max-3000 | 1 Maxsite Cms | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-25360 | 1 Watchguard | 1 Fireware | 2024-11-21 | 8.8 High |
| WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | ||||
| CVE-2022-25115 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 7.8 High |
| A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file. | ||||
| CVE-2022-25016 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 9.8 Critical |
| Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-24984 | 1 Jqueryform | 1 Jqueryform | 2024-11-21 | 9.8 Critical |
| Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client side, and because not all executable content (e.g., .phtml or .php.bak) is blocked. | ||||
| CVE-2022-24688 | 1 Dsk | 1 Dsknet | 2024-11-21 | 8.8 High |
| An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload (and consequently Remote Code Execution) via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order to exploit this issue. (That can be easily achieved by exploiting the Broken Access Control with further Brute-force attack or SQL Injection.) The uploaded file is stored within the database and copied to the sync web folder if the attacker visits a certain .php?action= page. | ||||