• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-434

CVE-2022-2594

February 23, 2023 by godfreyd94

The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release.

CVE-2022-25581

February 23, 2023 by godfreyd94

Classcms v2.5 and below contains an arbitrary file upload via the component classclassupload. This vulnerability allows attackers to execute code injection via a crafted .txt file.

CVE-2022-25602

February 23, 2023 by godfreyd94

Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7).

CVE-2022-25487

February 23, 2023 by godfreyd94

Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php.

CVE-2022-25495

February 23, 2023 by godfreyd94

The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file.

CVE-2022-25360

February 23, 2023 by godfreyd94

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 205
  • Go to page 206
  • Go to page 207
  • Go to page 208
  • Go to page 209
  • Interim pages omitted …
  • Go to page 224
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE