Search Results (4316 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-13714 1 Wordpress 1 Wordpress 2026-04-15 8.8 High
The All-Images.ai – IA Image Bank and Custom Image creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_get_image_by_url' function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2025-22137 2026-04-15 9.8 Critical
Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issue has been patched in version 1.4.0.
CVE-2023-50897 2 Meow Apps, Wordpress 2 Media File Renamer, Wordpress 2026-04-15 9.1 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Meow Apps Media File Renamer allows Using Malicious Files.This issue affects Media File Renamer: from n/a through 5.7.7.
CVE-2013-10034 1 Kaseya 2 Kserver, Virtual System Administrator 2026-04-15 N/A
An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted filename parameter in a multipart/form-data POST request. Due to the lack of authentication and input sanitation, an attacker can upload a file with an .asp extension to a web-accessible directory, which can then be invoked to execute arbitrary code with the privileges of the IUSR account. The vulnerability enables remote code execution without prior authentication and was resolved in version 6.3.0.2 by removing the vulnerable uploadImage.asp endpoint.
CVE-2013-10038 1 Tufat 2 Flashchat, Mybackup 2026-04-15 N/A
An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to properly validate file types and authentication, allowing attackers to upload malicious PHP scripts. Once uploaded, these scripts can be executed remotely, resulting in arbitrary code execution as the web server user.
CVE-2013-10043 1 Astium 1 Voip Pbx 2026-04-15 N/A
A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection. Once authenticated as an administrator, the attacker can upload arbitrary PHP code through the importcompany field in import.php, resulting in remote code execution. The malicious payload is injected into /usr/local/astium/web/php/config.php and executed with root privileges by triggering a configuration reload via sudo /sbin/service astcfgd reload. Successful exploitation leads to full system compromise.
CVE-2024-5050 2026-04-15 6.3 Medium
A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516. This affects an unknown part of the file /?g=log_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-264747.
CVE-2013-10047 3 Microsoft, Miniweb2, Miniweb Http Server Project 3 Windows, Miniweb, Miniweb Http Server 2026-04-15 N/A
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a malicious .exe in system32, followed by a .mof file in the WMI directory. This triggers execution of the payload with SYSTEM privileges via the Windows Management Instrumentation service. The exploit is only viable on Windows versions prior to Vista.
CVE-2023-46694 1 Vtenext 1 Vtenext 2026-04-15 8.1 High
Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality.
CVE-2013-10054 1 Librettocms 1 Librettocms 2026-04-15 N/A
An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager plugin. The upload handler located at adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php fails to properly validate file extensions, allowing attackers to upload files with misleading extensions and subsequently rename them to executable .php scripts. This enables remote code execution on the server without authentication.
CVE-2013-10055 1 Havalite 2 Cms, Havalite 2026-04-15 N/A
An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attackers to upload malicious PHP files via a crafted multipart/form-data POST request. Once uploaded, the attacker can access the file directly under havalite/tmp/files/, resulting in remote code execution.
CVE-2013-10066 1 Kordil Edms Project 1 Kordil Edms 2026-04-15 N/A
An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userpictures/ directory without authentication. This flaw enables remote code execution by uploading a PHP payload and invoking it via a direct HTTP request.
CVE-2013-10067 1 Glossword 1 Glossword 2026-04-15 N/A
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can upload and execute PHP payloads, resulting in remote code execution.
CVE-2016-15046 1 Hanwha-security 1 Smart Security Manager 2026-04-15 N/A
A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager (SSM) versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance (running on port 8161). An attacker can exploit this flaw through a Cross-Origin Resource Sharing (CORS) bypass combined with JavaScript-triggered file uploads to the web server, ultimately resulting in arbitrary code execution with SYSTEM privileges. This vulnerability bypasses the server-side mitigations introduced in ZDI-15-156 and ZDI-16-481 by shifting the exploitation to the client-side. This product is now referred to as Hanwha Wisenet SSM and it is unknown if current versions are affected.
CVE-2024-6431 1 Medianet 1 Ads Manager 2026-04-15 8.8 High
The Media.net Ads Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and missing capability check in the 'sendMail' function in all versions up to, and including, 2.10.13. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability is only exploitable if anyone has ever logged in through the API.
CVE-2024-7257 1 Yaycommerce 1 Yayextra 2026-04-15 9.8 Critical
The YayExtra – WooCommerce Extra Product Options plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_upload_file function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2019-25296 1 Wordpress 1 Wordpress 2026-04-15 9.8 Critical
The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions in versions up to, and including, 9.642. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. Additionally, the attacker can also delete files on the server such as database configuration files, subsequently uploading their own database files.
CVE-2024-9504 1 Wpdevart 1 Booking Calendar 2026-04-15 7.2 High
The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
CVE-2024-9544 2 Mapsvg, Wordpress 2 Mapsvg, Wordpress 2026-04-15 6.4 Medium
The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
CVE-2025-0731 2026-04-15 6.5 Medium
An unauthenticated remote attacker can upload a .aspx file instead of a PV system picture through the demo account. The code can only be executed in the security context of the user.