• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-434

CVE-2018-21024

February 26, 2023 by

licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request.

CVE-2018-20926

February 26, 2023 by

cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380).

CVE-2018-20925

February 26, 2023 by

cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379).

CVE-2018-20526

February 26, 2023 by

Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.

CVE-2018-20166

February 26, 2023 by

A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in “.php” with mixed case, such as the .pHp extension.

CVE-2018-20063

February 26, 2023 by

An issue was discovered in Gurock TestRail 5.6.0.3853. An “Unrestricted Upload of File” vulnerability exists in the image-upload form (available in the description editor), allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a safe Content-Type value, and then accessing it via a direct request to the file in the file-upload directory (if it’s accessible according to the server configuration).

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 5
  • Go to page 6
  • Go to page 7
  • Go to page 8
  • Go to page 9
  • Interim pages omitted …
  • Go to page 224
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE