Total
3886 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36580 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.2 High |
| An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-36557 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2024-11-21 | 9.8 Critical |
| Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file. | ||||
| CVE-2022-36264 | 1 Airspan | 2 Airspot 5410, Airspot 5410 Firmware | 2024-11-21 | 9.1 Critical |
| In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and append a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file. | ||||
| CVE-2022-35426 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 9.8 Critical |
| UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file. | ||||
| CVE-2022-35150 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | 9.8 Critical |
| Baijicms v4 was discovered to contain an arbitrary file upload vulnerability. | ||||
| CVE-2022-34971 | 1 Feehi | 1 Feehi Cms | 2024-11-21 | 8.8 High |
| An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-34965 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | 7.2 High |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this is intended behavior of the application as it only allows authenticated admins to upload files. | ||||
| CVE-2022-34613 | 1 Mealie Project | 1 Mealie | 2024-11-21 | 9.8 Critical |
| Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2022-34578 | 1 Opensourcepos | 1 Open Source Point Of Sale | 2024-11-21 | 7.2 High |
| Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page. | ||||
| CVE-2022-34549 | 1 Sims Project | 1 Sims | 2024-11-21 | 8.8 High |
| Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file. | ||||
| CVE-2022-34496 | 1 Hiby | 4 Hiby R3 Pro, Hiby R3 Pro Firmware, Hiby R3 Pro Saber and 1 more | 2024-11-21 | 9.8 Critical |
| Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature. | ||||
| CVE-2022-34120 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | 7.2 High |
| Barangay Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the module editing function at /pages/activity/activity.php. | ||||
| CVE-2022-34024 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | 7.2 High |
| Barangay Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the resident module editing function at /bmis/pages/resident/resident.php. | ||||
| CVE-2022-32994 | 1 Halo | 1 Halo | 2024-11-21 | 9.8 Critical |
| Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. | ||||
| CVE-2022-32433 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-11-21 | 7.2 High |
| itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php. | ||||
| CVE-2022-32413 | 1 Dice Project | 1 Dice | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2022-32119 | 1 Arox | 1 School Erp Pro | 2024-11-21 | 8.8 High |
| Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php. | ||||
| CVE-2022-32019 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2024-11-21 | 9.8 Critical |
| Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car. | ||||
| CVE-2022-31943 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 9.8 Critical |
| MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. | ||||
| CVE-2022-31854 | 1 Codologic | 1 Codoforum | 2024-11-21 | 7.2 High |
| Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel. | ||||