• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-434

CVE-2019-8433

February 26, 2023 by

JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file.

CVE-2019-8362

February 26, 2023 by

DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as “1.jpg.php” (because input validation only checks that .jpg, .png, or .gif is present as a substring, and does not otherwise check the file name or content).

CVE-2019-8371

February 26, 2023 by

OpenEMR v5.0.1-6 allows code execution.

CVE-2019-8394

February 26, 2023 by

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.

CVE-2019-8293

February 26, 2023 by

Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution.

CVE-2019-8140

February 26, 2023 by

An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP file.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 75
  • Go to page 76
  • Go to page 77
  • Go to page 78
  • Go to page 79
  • Interim pages omitted …
  • Go to page 224
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE