ReportizFlow
Filtered by vendor
Subscriptions
Total
3888 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36667 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | 8.8 High |
| Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE. | ||||
| CVE-2022-36582 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | 7.2 High |
| An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-36580 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.2 High |
| An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-36557 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2024-11-21 | 9.8 Critical |
| Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file. | ||||
| CVE-2022-36264 | 1 Airspan | 2 Airspot 5410, Airspot 5410 Firmware | 2024-11-21 | 9.1 Critical |
| In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and append a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file. | ||||
| CVE-2022-35426 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 9.8 Critical |
| UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file. | ||||
| CVE-2022-35150 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | 9.8 Critical |
| Baijicms v4 was discovered to contain an arbitrary file upload vulnerability. | ||||
| CVE-2022-34971 | 1 Feehi | 1 Feehi Cms | 2024-11-21 | 8.8 High |
| An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-34965 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | 7.2 High |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this is intended behavior of the application as it only allows authenticated admins to upload files. | ||||
| CVE-2022-34613 | 1 Mealie Project | 1 Mealie | 2024-11-21 | 9.8 Critical |
| Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2022-34578 | 1 Opensourcepos | 1 Open Source Point Of Sale | 2024-11-21 | 7.2 High |
| Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page. | ||||
| CVE-2022-34549 | 1 Sims Project | 1 Sims | 2024-11-21 | 8.8 High |
| Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file. | ||||
| CVE-2022-34496 | 1 Hiby | 4 Hiby R3 Pro, Hiby R3 Pro Firmware, Hiby R3 Pro Saber and 1 more | 2024-11-21 | 9.8 Critical |
| Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature. | ||||
| CVE-2022-34120 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | 7.2 High |
| Barangay Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the module editing function at /pages/activity/activity.php. | ||||
| CVE-2022-34024 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | 7.2 High |
| Barangay Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the resident module editing function at /bmis/pages/resident/resident.php. | ||||
| CVE-2022-32994 | 1 Halo | 1 Halo | 2024-11-21 | 9.8 Critical |
| Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. | ||||
| CVE-2022-32433 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-11-21 | 7.2 High |
| itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php. | ||||
| CVE-2022-32413 | 1 Dice Project | 1 Dice | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2022-32119 | 1 Arox | 1 School Erp Pro | 2024-11-21 | 8.8 High |
| Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php. | ||||
| CVE-2022-32019 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2024-11-21 | 9.8 Critical |
| Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car. | ||||