CVE Vulnerability

CWE-434

CVE-2022-40721

February 23, 2023 by godfreyd94

Arbitrary file upload vulnerability in php uploader

CVE-2022-40777

February 23, 2023 by godfreyd94

Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php “create survey and submit survey” operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550.

CVE-2022-40797

February 23, 2023 by godfreyd94

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.)

CVE-2022-4061

February 23, 2023 by godfreyd94

The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.

CVE-2022-40407

February 23, 2023 by godfreyd94

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.

CVE-2022-40431

February 23, 2023 by godfreyd94

The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE