Filtered by vendor Shimosyan Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-56124 1 Shimosyan 1 Phpuploader 2026-07-01 7.5 High
phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the complete JSON-encoded result set in an inline script block, exposing uploader IP addresses, Argon2ID key hashes, internal filenames, and SHA-256 fingerprints.