Vulmon
file upload vulnerabilities and exploits
NA
CVE-2006-6549
PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote malicious users to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as "" before use, and...
Rad Inks Rad Upload 3.02
8.8
CVSSv3
CVE-2022-34154
Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.
Ideastocode Enable Svg, Webp & Ico Upload
5.4
CVSSv3
CVE-2023-2143
The Enable SVG, WebP & ICO Upload WordPress plugin up to and including 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability.
Ideastocode Enable Svg, Webp & Ico Upload
NA
CVE-2007-4499
Unrestricted file upload vulnerability in output.php in American Financing eMail Image Upload 4.1 allows remote malicious users to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from ...
American Financing Email Image Upload 4.1
NA
CVE-2008-6785
Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a nam...
Galaxyscripts Mini File Host 1.5
2 EDB exploits
NA
CVE-2007-0871
Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote malicious users to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php.
Extremepow Extreme File Hosting
1 EDB exploit
NA
CVE-2006-7134
Unrestricted file upload vulnerability in main_user.php in Upload Tool for PHP 1.0 allows remote malicious users to upload and execute arbitrary files with executable extensions such as .php. NOTE: the provenance of this information is unknown; the details are obtained solely fro...
Noah Spurrier Upload Tool For Php 1.0
1 EDB exploit
9.8
CVSSv3
CVE-2020-25213
The File Manager (wp-file-manager) plugin prior to 6.9 for WordPress allows remote malicious users to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows malicious users to run th...
Webdesi9 File Manager
12 Github repositories
8.8
CVSSv3
CVE-2023-6846
The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute cod...
Filemanagerpro File Manager Pro
8.8
CVSSv3
CVE-2021-45010
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager prior to 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
Tiny File Manager Project Tiny File Manager
6 Github repositories