Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file upload vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-0871
Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote malicious users to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php.
Extremepow Extreme File Hosting
1 EDB exploit
9.8
CVSSv3
CVE-2020-25213
The File Manager (wp-file-manager) plugin prior to 6.9 for WordPress allows remote malicious users to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows malicious users to run th...
Webdesi9 File Manager
12 Github repositories
8.8
CVSSv3
CVE-2023-6846
The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute cod...
Filemanagerpro File Manager Pro
9.8
CVSSv3
CVE-2018-19355
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 up to and including 1.7) allows remote malicious users to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for uploa...
Prestashop Prestashop
Mypresta Customer Files Upload 2018-08-01
8.8
CVSSv3
CVE-2021-45010
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager prior to 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
Tiny File Manager Project Tiny File Manager
6 Github repositories
9.8
CVSSv3
CVE-2022-40721
Arbitrary file upload vulnerability in php uploader
Creativedream File Uploader Project Creativedream File Uploader 0.3
8.8
CVSSv3
CVE-2019-16790
In Tiny File Manager prior to 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted.
Tiny File Manager Project Tiny File Manager
NA
CVE-2014-5324
Unrestricted file upload vulnerability in the N-Media file uploader plugin prior to 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file.
Najeebmedia N-media File Uploader 3.0
Najeebmedia N-media File Uploader 3.1
Najeebmedia N-media File Uploader
Najeebmedia N-media File Uploader 3.2
NA
CVE-2012-4959
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote malicious users to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
Novell File Reporter 1.0.2
2 EDB exploits
9.8
CVSSv3
CVE-2022-45476
Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload.
Tiny File Manager Project Tiny File Manager 2.4.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »