Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file upload vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-4818
Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote malicious users to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif.
Phpsimplicity Simplicity Of Upload 1.3.2
1 EDB exploit
NA
CVE-2006-6360
PHP remote file inclusion vulnerability in activate.php in PHP Upload Center 2.0 allows remote malicious users to execute arbitrary PHP code via a URL in the footerpage parameter.
Sergey Korostel Php Upload Center 2.0
1 EDB exploit
5.4
CVSSv3
CVE-2022-30999
FriendsofFlarum (FoF) Upload is an extension that handles file uploads intelligently for your forum. If FoF Upload prior to version 1.2.3 is configured to allow the uploading of SVG files ('image/svg+xml'), navigating directly to an SVG file URI could execute arbitrary ...
Friendsofflarum Upload
9.8
CVSSv3
CVE-2022-37346
EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated malicious user to upload arbitrary files other than image files. If ...
Ec-cube Product Image Bulk Upload 4.1.0
Ec-cube Product Image Bulk Upload 1.0.0
8.8
CVSSv3
CVE-2019-10284
Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Jenkins Diawi Upload
4.3
CVSSv3
CVE-2020-2208
Jenkins Slack Upload Plugin 1.7 and previous versions stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
Jenkins Slack Upload
9.8
CVSSv3
CVE-2016-15017
A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is a...
Ecodev Media Upload
9.8
CVSSv3
CVE-2021-24171
The WooCommerce Upload Files WordPress plugin prior to 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked&qu...
Woocommerce Upload Files
6.5
CVSSv3
CVE-2019-1003089
Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Jenkins Upload To Pgyer
8.8
CVSSv3
CVE-2020-7863
A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnera...
Raonwiz Raon K Upload
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »