• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-434

CVE-2022-3912

February 23, 2023 by godfreyd94

The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.

CVE-2022-39019

February 23, 2023 by godfreyd94

Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server.

CVE-2022-39036

February 23, 2023 by godfreyd94

The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service.

CVE-2022-38916

February 23, 2023 by godfreyd94

A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files

CVE-2022-38843

February 23, 2023 by godfreyd94

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.

CVE-2022-38877

February 23, 2023 by godfreyd94

Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 176
  • Go to page 177
  • Go to page 178
  • Go to page 179
  • Go to page 180
  • Interim pages omitted …
  • Go to page 224
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE