Filtered by CWE-434
Total 3099 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-49329 2025-06-06 6.6 Medium
Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress allows Upload a Web Shell to a Web Server. This issue affects Store Locator WordPress: from n/a through 1.5.2.
CVE-2025-48782 2025-06-06 N/A
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file.
CVE-2024-48760 1 Gestioip 1 Gestioip 2025-06-06 9.8 Critical
An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution.
CVE-2025-5728 2025-06-06 6.3 Medium
A vulnerability classified as critical was found in SourceCodester Open Source Clinic Management System 1.0. This vulnerability affects unknown code of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-42563 1 Jerryhanjj 1 Erp 2025-06-05 9.8 Critical
An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file.
CVE-2025-29093 2025-06-05 8.2 High
File Upload vulnerability in Motivian Content Management System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/Gallery/Images component.
CVE-2025-3054 2025-06-05 8.8 High
The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note that this requires the 'Private Message' module to be enabled and the Business version of the PRO software to be in use.
CVE-2024-24399 1 Lepton-cms 1 Leptoncms 2025-06-05 7.2 High
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
CVE-2024-10627 2 Support Ticket System Project, Vanquish 2 Support Ticket System, Woocommerce Support Ticket System 2025-06-05 9.8 Critical
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2024-22895 1 Dedecms 1 Dedecms 2025-06-05 8.8 High
DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.
CVE-2024-11391 2 Advancedfilemanager, Modalweb 2 Advanced File Manager, Advanced File Manager 2025-06-05 7.5 High
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2024-47151 1 Honor 1 Magicos 2025-06-05 6.3 Medium
Some Honor products are affected by a file writing vulnerability; successful exploitation could cause code execution.
CVE-2024-13333 1 Advancedfilemanager 1 Advanced File Manager 2025-06-05 7.5 High
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above and upload permissions granted by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. The function can be exploited only if the "Display .htaccess?" setting is enabled.
CVE-2023-5604 1 Asgaros 1 Asgaros Forum 2025-06-05 9.8 Critical
The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution.
CVE-2023-4225 1 Chamilo 2 Chamilo, Chamilo Lms 2025-06-05 8.8 High
Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVE-2025-47577 2025-06-05 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Upload a Web Shell to a Web Server. This issue affects TI WooCommerce Wishlist: from n/a before 2.10.0.
CVE-2024-40744 2 Convert Forms Project, Tassosgr 2 Convert Forms, Convert Forms 2025-06-04 9.8 Critical
Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.
CVE-2025-46078 1 Huocms 1 Huocms 2025-06-04 5.3 Medium
HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server.
CVE-2025-46080 1 Huocms 1 Huocms 2025-06-04 5.3 Medium
HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server.
CVE-2024-11000 1 Codeastro 1 Real Estate Management System 2025-06-04 4.7 Medium
A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutedit.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.