Apache Solr versions 6.0.0 through 8.11.2 and versions 9.0.0 up to 9.4.1 are affected by an unrestricted file upload vulnerability which can result in remote code execution in the context of the user running Apache Solr. When Apache Solr creates a Collection, it will use a specific directory as the classpath and load some classes from it. The backup function of the Collection can export malicious class files uploaded by attackers to the directory, allowing Solr to load custom classes and create arbitrary Java code. Execution can further bypass the Java sandbox configured by Solr, ultimately causing arbitrary command execution.
982c87ed2032bff9e2a889f42db78ed065aa2707c068813f76b1c3875193d49dGUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution.
87510b61a4bcdb0fdc6c31f4148617866220f4cd5cc391960946f28d1c611747WordPress Travelscape theme version 1.0.3 suffers from an arbitrary file upload vulnerability.
8c7f57a620a7f2e630146822105069ce7c8d705a9661a1a56006b6c19ee5ae88Lektor Static CMS version 3.3.10 suffers from an arbitrary file upload vulnerability that can be leveraged to achieve remote code execution.
12e46eeac4843dfaaf4f61083381648a44692cd6a4aade7ab73a5901f82f2336WordPress File Upload plugin versions prior to 4.23.3 suffer from a persistent cross site scripting vulnerability.
3b846687e4071f8314c772e2348dd5b6d4b6c50cc0acd6fd150c3ad212d8fb7fCMSMS version 2.2.19 suffers from an arbitrary file upload vulnerability.
10d444684a1178256d641dcf6a31e78bdb9b5db129a97ebd890d4e09119b515cHospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
4c4cb4162e1a493a04ab18896d55ef8649d628f41d3426944382f8e72a0ea4f9Apache Struts versions 2.0.0 through 2.3.37 (EOL), 2.5.0 through 2.5.32, and 6.0.0 through 6.3.0 suffer from an issues where an attacker can manipulate file upload parameters to enable a path traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform remote code execution.
3eabd0d7746d3af616a6a03f2fad7d9609f5c2a795390784bc379146a76826adWordPress Elementor plugin versions 3.18.1 and below are vulnerability to remote code execution via file upload in the template import functionality.
01b8a0f082e0d770b2fe9e58091dad5e9f1821358bb5f9846f04097a0d15c05cWordPress MW WP Form plugin versions 5.0.1 and below suffer from an arbitrary file upload vulnerability.
167c564d778ce9bc5dcaef0a3792319f6c3de4886f227d1ab0620bb35de396b6Soosyze version 2.0.0 suffers from an arbitrary file upload vulnerability.
9bf6b6526253f4c7c6238da3c5ad49f7a905e6d95335d5b8a7f1c835151822b1FIRESHOP Advanced CMS version 2.3 suffers from an arbitrary file upload vulnerability.
39420fdbd9e09574216b7c644d2b65bd4cece1bb21494da786900619db842882Academy LMS version 6.1 suffers from an upload vulnerability that could lead to persistent cross site scripting attacks.
7376aca92af649793fc8f249692d13f1ef1e359cdf18e47dababff6842bf39f0Hyip Rio version 2.1 suffers from an arbitrary file upload vulnerability that can be leveraged to commit cross site scripting attacks.
cb26d9e78a7f34adc181f96e6e2bfa835fe0ee3bd358f8c8da79954a82c3bbe6Dexx CMS HTML and Site Builder version 2.2.3 suffers from cross site scripting and arbitrary file upload vulnerabilities.
afad1c220fc9a0f9c55b16ff2ee432a14c6bcfdc35bd7e270945acd8f3ea9e17Codoforum version 5.2.1 suffers from an arbitrary file upload vulnerability.
66cafdb3a8d9e6d3b610420bda0dfd3cf6f4266f80509482fefcb6a995fec406This Metasploit module exploits an authenticated file upload vulnerability in Subrion CMS versions 4.2.1 and lower. The vulnerability is caused by the .htaccess file not preventing the execution of .pht, .phar, and .xhtml files. Files with these extensions are not included in the .htaccess blacklist, hence these files can be uploaded and executed to achieve remote code execution. In this module, a .phar file with a randomized name is uploaded and executed to receive a Meterpreter session on the target, then deletes itself afterwards.
72859313ffb21cb022d15b4566fe8863b0a0f88f5ef2dff2e8c3eba2e934c2ceCodoforum version 3.4 suffers from an arbitrary file upload vulnerability.
576ef4c013ea3a1292f877403f79781ba07f122b4361701afa83d5d09aa71bd6xForUp Simple File Uploader version 1.0 suffers from a remote SQL injection vulnerability.
361651b4acd30ddc2f3f044531153e1a0b18342e97aaf21d8d9a9cdeebb3c58cAvailability Booking Calendar PHP suffers from cross site scripting and arbitrary file upload vulnerabilities. This was tested in July of 2023 but it is unclear what versions are affected.
e67ac34384ab2be0d18a5bd94e4c7187126859aaf2b755a195aa0c55fd5cf914Foody Friend version 1.0 suffers from an arbitrary file upload vulnerability that can assist in cross site scripting attacks.
0137ae9ffbdae6a9b09dd469be6ef2a730b30ff3d02a30c644906d1947153e72Listplace Directory Listing Platform version 3.0 suffers from an arbitrary file upload vulnerability that can assist in cross site scripting attacks.
0a1cf13f5d7e602fbc48099e04b11e27f529f1a21a7180b11e2fec834efcc88bCCOM Events CMS version 0.1.02 suffers from an arbitrary file upload vulnerability.
ebebbec7cdb17add68fb7467d262f2ed89ef274cd5c034153885858802eb736dstatamic version 4.7.0 suffers from a cross site scripting vulnerability via a malicious file upload.
de9c9f1be368d8da80eabedf0f45732149a6a82790f98e16a2abaa36f90664e9BBook version 5.7 suffers from a remote shell upload vulnerability.
804669b61c82ab3a3a6cdc9ca32f0a6e2158053ef362cd4b7ee1ce094b4063c2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed