CVE Vulnerability

CWE-434

CVE-2019-5009

February 26, 2023 by

Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension “php3” in the logo upload field, if the uploaded file is in PNG format and has a size of 150×40. One can put PHP code into the image; PHP code can be executed using “” tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. It is related to actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php.

CVE-2019-4612

February 26, 2023 by

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can use this weakness to upload malicious executable files into the system, which can then be sent to a victim to perform further attacks. IBM X-Force ID: 168523.

CVE-2019-4292

February 26, 2023 by

IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. IBM X-Force ID: 160698.

CVE-2019-4130

February 26, 2023 by

IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280.

CVE-2019-4013

February 26, 2023 by

IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on the underlying system with root privileges. IBM X-Force ID: 155887.

CVE-2019-4056

February 26, 2023 by

IBM Maximo Asset Management 7.6 Work Centers’ application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE