Total
3042 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19514 | 1 Ens | 1 Webgalamb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes part of a PHP eval() expression in the subscriber.php file. | |||||
| CVE-2018-19457 | 1 Logicspice | 1 Faq Script | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file. | |||||
| CVE-2018-19453 | 1 Kentico | 1 Kentico Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type. | |||||
| CVE-2018-19424 | 1 Clippercms | 1 Clippercms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. | |||||
| CVE-2018-19423 | 1 Codiad | 1 Codiad | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. | |||||
| CVE-2018-19422 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. | |||||
| CVE-2018-19421 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 4.0 MEDIUM | 3.8 LOW |
| In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | |||||
| CVE-2018-19420 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 4.0 MEDIUM | 3.8 LOW |
| In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | |||||
| CVE-2018-19355 | 2 Mypresta, Prestashop | 2 Customer Files Upload, Prestashop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles). | |||||
| CVE-2018-19126 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload. | |||||
| CVE-2018-18942 | 1 Basercms | 1 Basercms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. | |||||
| CVE-2018-18934 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be exploited via CSRF. | |||||
| CVE-2018-18930 | 1 Trms | 1 Carousel Digital Signage | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file (based on an exported backup of existing "Bulletins") containing a malicious file. When uploaded, the system only checks for the presence of the needed files within the ZIP and, as long as the malicious file is named properly, will extract all contained files to a new directory on the system, named with a random GUID. The attacker can determine this GUID by previewing an image from the uploaded Bulletin within the web UI. Once the GUID is determined, the attacker can navigate to the malicious file and execute it. In testing, an ASPX web shell was uploaded, allowing for remote-code execution in the context of a restricted IIS user. | |||||
| CVE-2018-18888 | 1 Laravelcms Project | 1 Laravelcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed. | |||||
| CVE-2018-18874 | 1 Nconsulting | 1 Nc-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI. | |||||
| CVE-2018-18830 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code. | |||||
| CVE-2018-18793 | 1 School Event Management System Project | 1 School Event Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos. | |||||
| CVE-2018-18771 | 1 Lulucms | 1 Lulu Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields. | |||||
| CVE-2018-18752 | 1 Webiness Project | 1 Webiness Inventory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter. | |||||
| CVE-2018-18572 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI. | |||||