Total
3012 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7943 | 2 Adonesevangelista, Itsourcecode | 2 Laravel Property Management System, Laravel Property Management System | 2024-09-03 | 6.3 Medium |
| A vulnerability was found in itsourcecode Laravel Property Management System 1.0 and classified as critical. This issue affects the function upload of the file PropertiesController.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-42991 | 1 Mingsoft | 1 Mcms | 2024-09-03 | 8.1 High |
| MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution. | ||||
| CVE-2024-6117 | 1 Hamastar | 1 Meetinghub Paperless Meetings | 2024-08-30 | 8.8 High |
| A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file. | ||||
| CVE-2024-8294 | 1 Feehi | 1 Feehicms | 2024-08-30 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. This affects the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLink[image] leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8295 | 1 Feehi | 1 Feehicms | 2024-08-30 | 6.3 Medium |
| A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. This vulnerability affects the function createBanner of the file /admin/index.php?r=banner%2Fbanner-create. The manipulation of the argument BannerForm[img] leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8296 | 1 Feehi | 1 Feehicms | 2024-08-30 | 6.3 Medium |
| A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument User[avatar] leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8170 | 2 Rems, Sourcecodester | 2 Zipped Folder Manager App, Zipped Folder Manager App | 2024-08-27 | 3.5 Low |
| A vulnerability classified as problematic has been found in SourceCodester Zipped Folder Manager App 1.0. This affects an unknown part of the file /endpoint/add-folder.php. The manipulation of the argument folder leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8089 | 2 E-commerce System Project, Janobe | 2 E-commerce System, E-commerce System | 2024-08-27 | 6.3 Medium |
| A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critical. Affected is an unknown function of the file /ecommerce/admin/products/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8166 | 1 Ruijie | 2 Eg2000k, Eg2000k Firmware | 2024-08-27 | 4.7 Medium |
| A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7987 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2024-08-26 | N/A |
| A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer™ service by creating a junction and use it to upload arbitrary files. | ||||
| CVE-2024-7329 | 1 Youdiancms | 1 Youdiancms | 2024-08-23 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in YouDianCMS 7. Affected is an unknown function of the file /Public/ckeditor/plugins/multiimage/dialogs/image_upload.php. The manipulation of the argument files leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273252. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-42767 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 7.2 High |
| Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. | ||||
| CVE-2024-42780 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-08-23 | 8.8 High |
| An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2024-42777 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-08-23 | 9.8 Critical |
| An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2024-42779 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-08-23 | 8.8 High |
| An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2024-7706 | 2 Fujian, Mainwww | 2 Mwcms, Mwcms | 2024-08-22 | 4.7 Medium |
| A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-42563 | 1 Jerryhanjj | 1 Erp | 2024-08-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file. | ||||
| CVE-2024-7944 | 1 Adonesevangelista | 1 Laravel Property Management System | 2024-08-21 | 6.3 Medium |
| A vulnerability was found in itsourcecode Laravel Property Management System 1.0. It has been classified as critical. Affected is the function UpdateDocumentsRequest of the file DocumentsController.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7917 | 2 Douco, Douphp | 2 Douphp, Douphp | 2024-08-21 | 4.7 Medium |
| A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_favicon leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7905 | 1 Dedebiz | 1 Dedebiz | 2024-08-20 | 6.3 Medium |
| A vulnerability classified as critical has been found in DedeBIZ 6.3.0. This affects the function AdminUpload of the file admin/archives_do.php. The manipulation of the argument litpic leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||