Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file project file vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-6316
The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated malicious users to upload arbit...
Mw Wp Form Project Mw Wp Form
9.8
CVSSv3
CVE-2024-0389
A vulnerability, which was classified as critical, was found in SourceCodester Student Attendance System 1.0. Affected is an unknown function of the file attendance_report.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the...
Student Attendance System Project Student Attendance System 1.0
9.8
CVSSv3
CVE-2024-0342
A vulnerability classified as critical has been found in Inis up to 2.0.1. Affected is an unknown function of the file /app/api/controller/default/Sqlite.php. The manipulation of the argument sql leads to sql injection. The exploit has been disclosed to the public and may be used...
Inis Project Inis
9.8
CVSSv3
CVE-2024-0247
A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated r...
Online Food Ordering System Project Online Food Ordering System 1.0
9.8
CVSSv3
CVE-2023-50090
Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows malicious users to write arbitrary files and run arbitrary commands via crafted POST request.
Ureport2 Project Ureport2
9.8
CVSSv3
CVE-2023-7116
A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os co...
Datax-web Project Datax-web 2.1.2
9.8
CVSSv3
CVE-2023-6887
A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to i...
Forestblog Project Forestblog
9.8
CVSSv3
CVE-2023-5636
Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection.This issue affects Education Portal: before v1.1.
Arslansoft Education Portal Project Arslansoft Education Portal
9.8
CVSSv3
CVE-2023-4922
The WPB Show Core WordPress plugin up to and including 2.2 is vulnerable to a local file inclusion via the `path` parameter.
Wpb Show Core Project Wpb Show Core
9.8
CVSSv3
CVE-2023-6102
A vulnerability, which was classified as problematic, was found in Maiwei Safety Production Control Platform 4.1. Affected is an unknown function of the file /Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent. The manipulation leads to unrestricted up...
Maiwei Safety Production Control Platform Project Maiwei Safety Production Control Platform 4.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »