Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

file upload vulnerabilities and exploits

(subscribe to this query)

5
CVSSv2
CVE-2005-1956
File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks....
File Upload Manager File Upload Manager
6.8
CVSSv2
CVE-2014-5199
Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of...
Wordpress File Upload Project Wordpress File Upload
6.8
CVSSv2
CVE-2015-4379
Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors....
Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.1Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.2Webform Multiple File Upload Project Webform Multiple File Upload 7.x-1.xWebform Multiple File Upload Project Webform Multiple File Upload 7.x-1.2Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.0
7.5
CVSSv2
CVE-2018-9206
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0...
Jquery File Upload Project Jquery File Upload
4.3
CVSSv2
CVE-2021-23439
This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file)....
File-upload-with-preview Project File-upload-with-preview
3.5
CVSSv2
CVE-2021-24961
The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode argument, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
Iptanus Wordpress File UploadIptanus Wordpress File Upload Pro
3.5
CVSSv2
CVE-2021-24960
The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be then be used for Cross-Site...
Iptanus Wordpress File UploadIptanus Wordpress File Upload Pro
6.5
CVSSv2
CVE-2021-24962
The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the...
Iptanus Wordpress File UploadIptanus Wordpress File Upload Pro
7.5
CVSSv2
CVE-2008-2510
SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter....
Wordpress Upload File Plugin
4.3
CVSSv2
CVE-2018-9844
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS....
Iptanus Wordpress File Upload
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-30216administrator privilegesreflected XSSCVE-2022-35011CVE-2022-34713CVE-2022-35009CVE-2022-35479CVE-2022-1410authentication bypass
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook