Vulmon
file upload vulnerabilities and exploits
6.8
CVSSv2
CVE-2009-4818
Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote malicious users to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif.
Phpsimplicity Simplicity Of Upload 1.3.2
1 EDB exploit
7.5
CVSSv2
CVE-2006-6360
PHP remote file inclusion vulnerability in activate.php in PHP Upload Center 2.0 allows remote malicious users to execute arbitrary PHP code via a URL in the footerpage parameter.
Sergey Korostel Php Upload Center 2.0
1 EDB exploit
3.5
CVSSv2
CVE-2022-30999
FriendsofFlarum (FoF) Upload is an extension that handles file uploads intelligently for your forum. If FoF Upload prior to version 1.2.3 is configured to allow the uploading of SVG files ('image/svg+xml'), navigating directly to an SVG file URI could execute arbitrary ...
Friendsofflarum Upload
NA
CVE-2022-37346
EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated malicious user to upload arbitrary files other than image files. If ...
Ec-cube Product Image Bulk Upload 4.1.0
Ec-cube Product Image Bulk Upload 1.0.0
7.5
CVSSv2
CVE-2019-8293
Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution.
Abcprintf Upload-image-with-ajax 1.0
4
CVSSv2
CVE-2019-10284
Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Jenkins Diawi Upload
4
CVSSv2
CVE-2020-2208
Jenkins Slack Upload Plugin 1.7 and previous versions stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
Jenkins Slack Upload
NA
CVE-2016-15017
A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is a...
Ecodev Media Upload
7.5
CVSSv2
CVE-2021-24171
The WooCommerce Upload Files WordPress plugin prior to 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked"...
Woocommerce Upload Files
4
CVSSv2
CVE-2019-1003089
Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Jenkins Upload To Pgyer