• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-434

CVE-2022-27262

February 23, 2023 by godfreyd94

An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file.

CVE-2022-27263

February 23, 2023 by godfreyd94

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file.

CVE-2022-27115

February 23, 2023 by godfreyd94

In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.

CVE-2022-27129

February 23, 2023 by godfreyd94

An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-27131

February 23, 2023 by godfreyd94

An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-27139

February 23, 2023 by godfreyd94

** DISPUTED ** An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost’s security documentation, upload of SVGs is only possible by trusted authenticated users. The uploading of SVG files to Ghost does not represent a remote code execution vulnerability. SVGs are not executable on the server, and may only execute javascript in a client’s browser – this is expected and intentional functionality.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 201
  • Go to page 202
  • Go to page 203
  • Go to page 204
  • Go to page 205
  • Interim pages omitted …
  • Go to page 224
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE