Vulmon
file upload vulnerabilities and exploits
8.8
CVSSv3
CVE-2020-7863
A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnera...
Raonwiz Raon K Upload
NA
CVE-2006-1208
Sergey Korostel PHP Upload Center allows remote malicious users to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory.
Sergey Korostel Php Upload Center
NA
CVE-2006-1207
PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote malicious users to download each password hash via a direct request for the upload/users/[USERNAME] file.
Sergey Korostel Php Upload Center
NA
CVE-2005-2607
PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload prior to 1.3.1 allows remote malicious users to include arbitrary local and remote files via the language parameter and a terminating null ("%00") character.
Phpsimplicity Simplicity Of Upload 1.3
NA
CVE-2006-6549
PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote malicious users to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as "" before use, and...
Rad Inks Rad Upload 3.02
8.8
CVSSv3
CVE-2022-34154
Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.
Ideastocode Enable Svg, Webp & Ico Upload
5.4
CVSSv3
CVE-2023-2143
The Enable SVG, WebP & ICO Upload WordPress plugin up to and including 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability.
Ideastocode Enable Svg, Webp & Ico Upload
NA
CVE-2007-4499
Unrestricted file upload vulnerability in output.php in American Financing eMail Image Upload 4.1 allows remote malicious users to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from ...
American Financing Email Image Upload 4.1
NA
CVE-2008-6785
Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a nam...
Galaxyscripts Mini File Host 1.5
2 EDB exploits
NA
CVE-2007-0871
Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote malicious users to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php.
Extremepow Extreme File Hosting
1 EDB exploit