Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
file upload vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2014-5199
Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of...
Wordpress File Upload Project Wordpress File Upload
5
CVSSv2
CVE-2005-1956
File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks....
File Upload Manager File Upload Manager
6.8
CVSSv2
CVE-2015-4379
Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors....
Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.1
Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.2
Webform Multiple File Upload Project Webform Multiple File Upload 7.x-1.x
Webform Multiple File Upload Project Webform Multiple File Upload 7.x-1.2
Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.0
7.5
CVSSv2
CVE-2018-9206
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0...
Jquery File Upload Project Jquery File Upload
3 EDB exploits available
1 Metasploit module available
27 Github repositories available
1 Article available
7.5
CVSSv2
CVE-2008-2510
SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter....
Wordpress Upload File Plugin
1 EDB exploit available
4.3
CVSSv2
CVE-2018-9844
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS....
Iptanus Wordpress File Upload
1 EDB exploit available
7.5
CVSSv2
CVE-2014-8739
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote...
Creative-solutions Creative Contact Form
Jquery File Upload Project Jquery File Upload 6.4.4
2 EDB exploits available
9.3
CVSSv2
CVE-2007-2563
Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote attackers to execute arbitrary code via a long argument....
Versalsoft Http File Upload Activex Control
2 EDB exploits available
7.5
CVSSv2
CVE-2020-10564
An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call....
Iptanus Wordpress File Upload
5 Github repositories available
5
CVSSv2
CVE-2015-9339
The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files....
Iptanus Wordpress File Upload
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-36542
NULL pointer dereference
CVE-2021-3490
CVE-2021-36934
code injection
SSRF
CVE-2021-34632
CVE-2021-33325
CVE-2021-27503
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »
Vulmon