The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hard-coded encryption key and missing file type validation on the ur_upload_profile_pic function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in version 3.0.2.1.
617e7a31e8613b2fc41dfb20282c61f763065187b026a8188f18e87a77f289a5
Architect HTML and Site Builder version 2.2.3 suffers from an arbitrary file upload vulnerability.
e39afa37fd4029d2a1d6029ed16c4ba2ee567a5ba7b61b45d8601e4c7d4ba3ab
Alumni Club Management Tools version 2.2.7 suffers from file upload and remote SQL injection vulnerabilities.
1c2184b26be39e09d9396589fc1970fe7145e1f2ce96dcf537d2c8dfd51194c5
MagicAI version 1.55R suffers from a persistent cross site scripting vulnerability via a file upload.
f4d106d7a59e4b426baf267d2bfbc5e19be78391b0f2498637e74b343fb4f208
Advanced Form Builder version 2.0 suffers from an arbitrary file upload vulnerability.
0fb127a4e4574a26de1bea5b616d506f4efb9d4344b1aa51b865f10ae956b4d0
Online Art Gallery Project version 1.0 suffers from an arbitrary file upload vulnerability.
ab0a3852329b276ac8c81bd14314d1b572e682c349a076a46846217ecf3422d7
Teachers Record Management System version 1.0 suffers from file upload validation bypass vulnerability.
e55edf3ad86e1cd11b6b01476b398e215f92844b97799ddf06369d679ceeee36
Acelle Email Marketing version 4.0.25 suffers from an arbitrary file upload vulnerability.
42a060ff82cd1846f13603b5df42ab433514a56f42b104907918548c7a47ce86
Acelle Email Marketing version 1.0 suffers from an arbitrary file upload vulnerability.
8ab91b141d2a757f5c8139e68bc3122becbc9e84709fafd036525d8dda27931b
Serenity and StartSharp Software versions prior to 6.7.1 suffer from file upload to cross site scripting, user enumeration, and reusable password reset token vulnerabilities.
0c6c4576c7182cef60f1720011b706cffbe6a3ce7cde23ea97cdccf7a4dc0430
Kiddoware Kids Place Parental Control Android App versions 3.8.49 and below suffer from weak hashing, cross site request forgery, cross site scripting, and arbitrary file upload vulnerabilities.
b33a2a364778cd72fba75e79c7bdf844aa87c6638b73e7e53fb94bf760948718
This Metasploit module exploits an arbitrary file upload vulnerability and achieves remote code execution in the Monitorr application. Using a specially crafted request, custom PHP code can be uploaded and injected through endpoint upload.php because of missing input validation. Any user privileges can exploit this vulnerability and it results in access to the underlying operating system with the same privileges under which the web services run (typically user www-data). Monitorr versions 1.7.6m, 1.7.7d, and below are affected.
6c6d18b94bdb35bfe9807add78ec876cdeda11ffafe62ef4078fdeb348b08a51
This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in order to gain remote code execution as the oracle user.
a890c277f9518d69ee5b632d253b7c12b7da15367479577605ce796496a2f670
Ubuntu Security Notice 5868-1 - Jakob Ackermann discovered that Django incorrectly handled certain file uploads. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.
11a790e108af509c2a344551f20a1e04c908295aa88e7d1ada09f38e4bf64cc5
Gold Filled CRM version 2.0 suffers from an unauthenticated arbitrary file upload vulnerability.
7df5256a62f4b26f1e4415c585d3fa307a8092cdea4dec86c2b611cd1e38214d
ERPGo SaaS CRM version 3.3 suffers from an arbitrary file upload vulnerability.
75550497f441c15436243b166bf836846ad5f220742342f795cbab8cded44902
Roxy Fileman versions 1.4.6 and below remote shell upload proof of concept exploit.
16a9c59173c82b869a340397a5e68377531e0e0f9be9781793142e4f47786e1b
WordPress Kaswara Modern WPBakery Page Builder plugin versions 3.0.1 and below suffer from an arbitrary file upload vulnerability.
cda2f52f6b43d9a253406aa83b3d7934624dc39c1c6c8f9a0240d741e6ae5fa3
PrestaShop version 1.7.6.7 suffers from a cross site scripting vulnerability via the file upload functionality.
fd8caaa9cec4a7055dd238f60bb28982f0acab62605c410f5808fff8eccaa174
This Metasploit module exploits the file upload vulnerability of Multi Language Pharmacy Management System to achieve remote code execution.
742456930e5e52c2ee76502248a99373d271bc23c86a2afc2380664719fcc4cb
e107 CMS version 3.2.1 suffers from cross site scripting and arbitrary file upload vulnerabilities that can allow for a shell upload.
3ae8caceae21f93d20493507ca607ad9781c300dc643e858c7c2ac8aa48b23b5
WordPress Advanced Uploader plugin versions 4.2 and below suffer from a remote shell upload vulnerability.
d6da47e9cfa89f863bdbab26f72fb5536450efbf87365b7899f665f69f1edd2a
ImpressCMS version 1.4.4 suffers from an arbitrary file upload due to a weak blacklisting methodology for file extensions.
e3a1d424f71f1feb571e0ac4b2912e399c1c124ebdfb5d9e83276acd5816f7e8
TLR-2005KSH suffers from an arbitrary file upload vulnerability.
f7ccc88ff2a331dfcd6837d903e8a8b9647905703b086149bc856a1f4d52c2d9
This Metasploit module abuses a vulnerability in certain WSO2 products that allow unrestricted file upload with resultant remote code execution. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0.
7bdab9b3101da4ba2df8ff1f6a558171e4d8a503d4d44bcbaf0347587fa69a4d