Total: 3244 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-24676 | 1 Hyphp | 1 Hybbs2 | 2024-11-21 | 8.8 High |
update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive. | ||||
CVE-2022-24652 | 1 Sentcms | 1 Sentcms | 2024-11-21 | 9.8 Critical |
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload. | ||||
CVE-2022-24651 | 1 Sentcms | 1 Sentcms | 2024-11-21 | 9.8 Critical |
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. | ||||
CVE-2022-24581 | 1 Aceware | 1 Aceweb Online Portal | 2024-11-21 | 7.5 High |
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software. | ||||
CVE-2022-24553 | 1 Zfaka Project | 1 Zfaka | 2024-11-21 | 9.8 Critical |
An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function check is not strict, resulting in remote command execution. | ||||
CVE-2022-24262 | 1 Voipmonitor | 1 Voipmonitor | 2024-11-21 | 8.8 High |
The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root. | ||||
CVE-2022-24254 | 1 Extensis | 1 Portfolio | 2024-11-21 | 8.8 High |
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. | ||||
CVE-2022-24253 | 1 Extensis | 1 Portfolio | 2024-11-21 | 8.8 High |
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. | ||||
CVE-2022-24252 | 1 Extensis | 1 Portfolio | 2024-11-21 | 8.8 High |
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. | ||||
CVE-2022-24251 | 1 Extensis | 1 Portfolio | 2024-11-21 | 8.8 High |
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. | ||||
CVE-2022-24239 | 1 Aceware | 1 Aceweb Online Portal | 2024-11-21 | 9.8 Critical |
ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. | ||||
CVE-2022-24136 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 9.8 Critical |
Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulnerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it. | ||||
CVE-2022-23906 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 7.2 High |
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. | ||||
CVE-2022-23880 | 1 Taogogo | 1 Taocms | 2024-11-21 | 9.8 Critical |
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-23390 | 1 Diyhi | 1 Bbs Forum | 2024-11-21 | 9.8 Critical |
An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files. | ||||
CVE-2022-23375 | 1 Wikidocs | 1 Wikidocs | 2024-11-21 | 8.8 High |
WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php. | ||||
CVE-2022-23346 | 1 Bigantsoft | 1 Bigant Server | 2024-11-21 | 8.8 High |
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. | ||||
CVE-2022-23329 | 1 Ujcms | 1 Jspxcms | 2024-11-21 | 9.8 Critical |
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. | ||||
CVE-2022-23315 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 9.8 Critical |
MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do. | ||||
CVE-2022-23155 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 7.2 High |
Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system. |