The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hard-coded encryption key and missing file type validation on the ur_upload_profile_pic function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in version 3.0.2.1.
617e7a31e8613b2fc41dfb20282c61f763065187b026a8188f18e87a77f289a5Architect HTML and Site Builder version 2.2.3 suffers from an arbitrary file upload vulnerability.
e39afa37fd4029d2a1d6029ed16c4ba2ee567a5ba7b61b45d8601e4c7d4ba3abAlumni Club Management Tools version 2.2.7 suffers from file upload and remote SQL injection vulnerabilities.
1c2184b26be39e09d9396589fc1970fe7145e1f2ce96dcf537d2c8dfd51194c5MagicAI version 1.55R suffers from a persistent cross site scripting vulnerability via a file upload.
f4d106d7a59e4b426baf267d2bfbc5e19be78391b0f2498637e74b343fb4f208Advanced Form Builder version 2.0 suffers from an arbitrary file upload vulnerability.
0fb127a4e4574a26de1bea5b616d506f4efb9d4344b1aa51b865f10ae956b4d0Online Art Gallery Project version 1.0 suffers from an arbitrary file upload vulnerability.
ab0a3852329b276ac8c81bd14314d1b572e682c349a076a46846217ecf3422d7Teachers Record Management System version 1.0 suffers from file upload validation bypass vulnerability.
e55edf3ad86e1cd11b6b01476b398e215f92844b97799ddf06369d679ceeee36Acelle Email Marketing version 4.0.25 suffers from an arbitrary file upload vulnerability.
42a060ff82cd1846f13603b5df42ab433514a56f42b104907918548c7a47ce86Acelle Email Marketing version 1.0 suffers from an arbitrary file upload vulnerability.
8ab91b141d2a757f5c8139e68bc3122becbc9e84709fafd036525d8dda27931bSerenity and StartSharp Software versions prior to 6.7.1 suffer from file upload to cross site scripting, user enumeration, and reusable password reset token vulnerabilities.
0c6c4576c7182cef60f1720011b706cffbe6a3ce7cde23ea97cdccf7a4dc0430Kiddoware Kids Place Parental Control Android App versions 3.8.49 and below suffer from weak hashing, cross site request forgery, cross site scripting, and arbitrary file upload vulnerabilities.
b33a2a364778cd72fba75e79c7bdf844aa87c6638b73e7e53fb94bf760948718This Metasploit module exploits an arbitrary file upload vulnerability and achieves remote code execution in the Monitorr application. Using a specially crafted request, custom PHP code can be uploaded and injected through endpoint upload.php because of missing input validation. Any user privileges can exploit this vulnerability and it results in access to the underlying operating system with the same privileges under which the web services run (typically user www-data). Monitorr versions 1.7.6m, 1.7.7d, and below are affected.
6c6d18b94bdb35bfe9807add78ec876cdeda11ffafe62ef4078fdeb348b08a51This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in order to gain remote code execution as the oracle user.
a890c277f9518d69ee5b632d253b7c12b7da15367479577605ce796496a2f670Ubuntu Security Notice 5868-1 - Jakob Ackermann discovered that Django incorrectly handled certain file uploads. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.
11a790e108af509c2a344551f20a1e04c908295aa88e7d1ada09f38e4bf64cc5Gold Filled CRM version 2.0 suffers from an unauthenticated arbitrary file upload vulnerability.
7df5256a62f4b26f1e4415c585d3fa307a8092cdea4dec86c2b611cd1e38214dERPGo SaaS CRM version 3.3 suffers from an arbitrary file upload vulnerability.
75550497f441c15436243b166bf836846ad5f220742342f795cbab8cded44902Roxy Fileman versions 1.4.6 and below remote shell upload proof of concept exploit.
16a9c59173c82b869a340397a5e68377531e0e0f9be9781793142e4f47786e1bWordPress Kaswara Modern WPBakery Page Builder plugin versions 3.0.1 and below suffer from an arbitrary file upload vulnerability.
cda2f52f6b43d9a253406aa83b3d7934624dc39c1c6c8f9a0240d741e6ae5fa3PrestaShop version 1.7.6.7 suffers from a cross site scripting vulnerability via the file upload functionality.
fd8caaa9cec4a7055dd238f60bb28982f0acab62605c410f5808fff8eccaa174This Metasploit module exploits the file upload vulnerability of Multi Language Pharmacy Management System to achieve remote code execution.
742456930e5e52c2ee76502248a99373d271bc23c86a2afc2380664719fcc4cbe107 CMS version 3.2.1 suffers from cross site scripting and arbitrary file upload vulnerabilities that can allow for a shell upload.
3ae8caceae21f93d20493507ca607ad9781c300dc643e858c7c2ac8aa48b23b5WordPress Advanced Uploader plugin versions 4.2 and below suffer from a remote shell upload vulnerability.
d6da47e9cfa89f863bdbab26f72fb5536450efbf87365b7899f665f69f1edd2aImpressCMS version 1.4.4 suffers from an arbitrary file upload due to a weak blacklisting methodology for file extensions.
e3a1d424f71f1feb571e0ac4b2912e399c1c124ebdfb5d9e83276acd5816f7e8TLR-2005KSH suffers from an arbitrary file upload vulnerability.
f7ccc88ff2a331dfcd6837d903e8a8b9647905703b086149bc856a1f4d52c2d9This Metasploit module abuses a vulnerability in certain WSO2 products that allow unrestricted file upload with resultant remote code execution. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0.
7bdab9b3101da4ba2df8ff1f6a558171e4d8a503d4d44bcbaf0347587fa69a4d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed