Vulmon
file upload vulnerabilities and exploits
9.3
CVSSv2
CVE-2020-7863
A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnera...
Raonwiz Raon K Upload
7.5
CVSSv2
CVE-2006-1208
Sergey Korostel PHP Upload Center allows remote malicious users to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory.
Sergey Korostel Php Upload Center
5
CVSSv2
CVE-2006-1207
PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote malicious users to download each password hash via a direct request for the upload/users/[USERNAME] file.
Sergey Korostel Php Upload Center
5
CVSSv2
CVE-2005-2607
PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload prior to 1.3.1 allows remote malicious users to include arbitrary local and remote files via the language parameter and a terminating null ("%00") character.
Phpsimplicity Simplicity Of Upload 1.3
7.5
CVSSv2
CVE-2006-6549
PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote malicious users to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as "" before use, and...
Rad Inks Rad Upload 3.02
NA
CVE-2022-34154
Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.
Ideastocode Enable Svg, Webp & Ico Upload
NA
CVE-2023-2143
The Enable SVG, WebP & ICO Upload WordPress plugin up to and including 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability.
Ideastocode Enable Svg, Webp & Ico Upload
6.8
CVSSv2
CVE-2007-4499
Unrestricted file upload vulnerability in output.php in American Financing eMail Image Upload 4.1 allows remote malicious users to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from ...
American Financing Email Image Upload 4.1
6.8
CVSSv2
CVE-2008-6785
Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a nam...
Galaxyscripts Mini File Host 1.5
2 EDB exploits
7.5
CVSSv2
CVE-2007-0871
Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote malicious users to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php.
Extremepow Extreme File Hosting
1 EDB exploit