Total
3226 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38323 | 1 Event Management System Project | 1 Event Management System | 2024-11-21 | 7.2 High |
| Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-38305 | 1 Aerocms Project | 1 Aerocms | 2024-11-21 | 8.8 High |
| AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-38296 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 9.8 Critical |
| Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. | ||||
| CVE-2022-37426 | 2 Linux, Opennebula | 2 Linux Kernel, Opennebula | 2024-11-21 | 4.3 Medium |
| Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. | ||||
| CVE-2022-37184 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | 8.8 High |
| The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file. | ||||
| CVE-2022-37181 | 1 72crm | 1 Wukong Crm | 2024-11-21 | 9.8 Critical |
| 72crm 9.0 has an Arbitrary file upload vulnerability. | ||||
| CVE-2022-37159 | 1 Claroline | 1 Claroline | 2024-11-21 | 9.8 Critical |
| Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload. | ||||
| CVE-2022-37140 | 1 Techvill | 1 Paymoney | 2024-11-21 | 8.0 High |
| PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file. | ||||
| CVE-2022-36667 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | 8.8 High |
| Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE. | ||||
| CVE-2022-36582 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | 7.2 High |
| An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-36580 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.2 High |
| An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-36557 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2024-11-21 | 9.8 Critical |
| Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file. | ||||
| CVE-2022-36264 | 1 Airspan | 2 Airspot 5410, Airspot 5410 Firmware | 2024-11-21 | 9.1 Critical |
| In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and append a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file. | ||||
| CVE-2022-35426 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 9.8 Critical |
| UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file. | ||||
| CVE-2022-35150 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | 9.8 Critical |
| Baijicms v4 was discovered to contain an arbitrary file upload vulnerability. | ||||
| CVE-2022-34971 | 1 Feehi | 1 Feehi Cms | 2024-11-21 | 8.8 High |
| An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-34965 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | 7.2 High |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this is intended behavior of the application as it only allows authenticated admins to upload files. | ||||
| CVE-2022-34613 | 1 Mealie Project | 1 Mealie | 2024-11-21 | 9.8 Critical |
| Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2022-34578 | 1 Opensourcepos | 1 Open Source Point Of Sale | 2024-11-21 | 7.2 High |
| Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page. | ||||
| CVE-2022-34549 | 1 Sims Project | 1 Sims | 2024-11-21 | 8.8 High |
| Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file. | ||||