Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file upload manager file upload manager vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-40964
A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows malicious users to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ....
Tinyfilemanager Project Tinyfilemanager
1 Github repository
NA
CVE-2008-2110
Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote malicious users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request.
Qto Qtofilemanager 1.0
1 EDB exploit
NA
CVE-2009-3843
HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote malicious users to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.H...
Hp Operations Manager 8.10
1 EDB exploit
2 Github repositories
7.5
CVSSv3
CVE-2019-3489
An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote malicious user to...
Microfocus Content Manager
8.8
CVSSv3
CVE-2021-34639
Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3...
Wpdownloadmanager Wordpress Download Manager
8.8
CVSSv3
CVE-2020-4620
IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated malicious user to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malici...
Ibm Data Risk Manager
9.8
CVSSv3
CVE-2022-24629
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/A...
Audiocodes Device Manager Express
5.4
CVSSv3
CVE-2024-24059
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files.
Aitangbao Springboot-manager 1.6
5.5
CVSSv3
CVE-2017-14771
Skybox Manager Client Application before 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload ...
Skyboxsecurity Skybox Manager Client Application
4.8
CVSSv3
CVE-2019-15108
An issue exists in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.
Wso2 Api Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »