Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file upload vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2012-1205
PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin prior to 0.20 for WordPress allows remote malicious users to execute arbitrary PHP code via a URL in the abspath parameter.
Alanft Relocate-upload 0.11
Alanft Relocate-upload 0.10
Alanft Relocate-upload
1 EDB exploit
6.8
CVSSv2
CVE-2007-0497
PHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the maindir parameter.
Upload-service Upload-service 1.0
1 EDB exploit
5
CVSSv2
CVE-2006-7133
Directory traversal vulnerability in upload/bin/download.php in Upload Tool for PHP 1.0 allows remote malicious users to read arbitrary files via (1) ".." sequences or (2) absolute pathnames in the filename parameter.
Php Upload Tool Php Upload Tool 1.0
1 EDB exploit
8.5
CVSSv2
CVE-2008-6207
Unrestricted file upload vulnerability in form_upload.php in PHPG Upload 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. NOTE: the provenance of this information ...
Phpg Upload Phpg Upload 1.0
7.5
CVSSv2
CVE-2022-29353
An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows malicious users to execute arbitrary code via a crafted filename.
Graphql-upload Project Graphql-upload 13.0.0
7.5
CVSSv2
CVE-2015-4607
Unrestricted file upload vulnerability in the Frontend User Upload (feupload) extension 0.5.0 and previous versions for TYPO3 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension using a frontend form, then accessing it via a di...
Frontend User Upload Project Frontend User Upload
4
CVSSv2
CVE-2020-15239
In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a `.data` suffix and which are accompanied by a JSON file with the `.meta` suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to c...
Xmpp-http-upload Project Xmpp-http-upload
NA
CVE-2022-4633
A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Settings Handler. The manipulation leads to cross-site request forgery. The attack may...
Auto Upload Images Project Auto Upload Images
7.5
CVSSv2
CVE-2014-4972
Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and previous versions for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-c...
Ajax Upload For Gravity Forms Project Ajax Upload For Gravity Forms
NA
CVE-2022-4101
The Images Optimize and Upload CF7 WordPress plugin up to and including 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack.
Images Optimize And Upload Cf7 Project Images Optimize And Upload Cf7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »