• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-434

CVE-2022-45968

February 23, 2023 by godfreyd94

Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).

CVE-2022-46020

February 23, 2023 by godfreyd94

WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.

CVE-2022-45896

February 23, 2023 by godfreyd94

Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads to remote code execution.

CVE-2022-45912

February 23, 2023 by godfreyd94

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution.

CVE-2022-45759

February 23, 2023 by godfreyd94

SENS v1.0 has a file upload vulnerability.

CVE-2022-45548

February 23, 2023 by godfreyd94

AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 155
  • Go to page 156
  • Go to page 157
  • Go to page 158
  • Go to page 159
  • Interim pages omitted …
  • Go to page 224
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE