Export limit exceeded: 363422 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4153 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-34086 | 2 Bolt, Boltcms | 2 Bolt Cms, Bolt | 2026-04-07 | 8.8 High |
| Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend templates. The attacker can then list and rename cached session files via the /async/browse/cache/.sessions and /async/folder/rename endpoints. By renaming a .session file to a path under the publicly accessible /files/ directory with a .php extension, the attacker can turn the injected code into an executable web shell. Finally, the attacker triggers the payload via a crafted HTTP GET request to the rogue file. NOTE: The vendor announced that Bolt 3 reached end-of-life after 31 December 2021. | ||||
| CVE-2024-58313 | 1 Xbtitfm | 1 Xbtitfm | 2026-04-07 | 7.2 High |
| xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the file_hosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif, adding GIF89a magic bytes, and using alternate PHP tags to upload web shells that execute system commands. | ||||
| CVE-2024-58283 | 1 Wbce | 1 Wbce Cms | 2026-04-07 | 8.8 High |
| WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter. | ||||
| CVE-2024-58282 | 2 S9y, Serendipity | 2 Serendipity, Serendipity | 2026-04-07 | 7.2 High |
| Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server. | ||||
| CVE-2024-58281 | 1 Dotclear | 1 Dotclear | 2026-04-07 | 8.8 High |
| Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload process by crafting a PHP shell with a command execution form to gain system access through the uploaded file. | ||||
| CVE-2024-58279 | 1 Apprain | 1 Apprain | 2026-04-07 | 8.8 High |
| appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by uploading a crafted PHP file to the site's uploads directory. | ||||
| CVE-2023-53971 | 1 Webtareas Project | 1 Webtareas | 2026-04-07 | 8.8 High |
| WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file path. | ||||
| CVE-2023-53952 | 1 Dotclear | 1 Dotclear | 2026-04-07 | 8.8 High |
| Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed, enabling arbitrary code execution on the server. | ||||
| CVE-2023-53942 | 1 Leefish | 1 File Thingie | 2026-04-07 | 8.8 High |
| File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with a command parameter. | ||||
| CVE-2023-53933 | 1 S9y | 1 Serendipity | 2026-04-07 | 8.8 High |
| Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server. | ||||
| CVE-2023-53924 | 1 Ulicms | 1 Ulicms | 2026-04-07 | 8.8 High |
| UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnerability that allows authenticated attackers to upload PHP files with .phar extension during profile avatar upload. Attackers can trigger code execution by visiting the uploaded file's location, enabling system command execution through maliciously crafted avatar uploads. | ||||
| CVE-2023-53922 | 1 Tinywebgallery | 1 Tinywebgallery | 2026-04-07 | 9.8 Critical |
| TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploaded file's URL. | ||||
| CVE-2023-53921 | 1 Sitemagic | 2 Sitemagic, Sitemagic Cms | 2026-04-07 | 9.8 Critical |
| SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application and execute arbitrary system commands. | ||||
| CVE-2023-53892 | 1 Blackcat-cms | 1 Blackcat Cms | 2026-04-07 | 7.2 High |
| Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin's PHP file with a 'code' parameter. | ||||
| CVE-2023-53876 | 1 Creativeitem | 1 Academy Lms | 2026-04-07 | 5.4 Medium |
| Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable JavaScript code. | ||||
| CVE-2023-53871 | 1 Soosyze | 1 Soosyze | 2026-04-07 | 9.8 Critical |
| Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server. | ||||
| CVE-2023-53868 | 2 Coppermine, Coppermine-gallery | 3 Coppermine Photo Gallery, Gallery, Coppermine Photo Gallery | 2026-04-07 | 8.8 High |
| Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script. | ||||
| CVE-2022-50939 | 1 E107 | 2 E107, E107 Cms | 2026-04-07 | 7.2 High |
| e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality (image.php) where the upload_caption parameter is not properly sanitized. An attacker with administrative privileges can use directory traversal sequences (../../../) in the upload_caption field to overwrite critical system files outside the intended upload directory. This can lead to complete compromise of the web application by overwriting configuration files, executable scripts, or other critical system components. The vulnerability was discovered by Hubert Wojciechowski and affects the image.php component in the admin interface. | ||||
| CVE-2022-50916 | 1 E107 | 2 E107, E107 Cms | 2026-04-07 | 7.2 High |
| e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.php in the web application directory. | ||||
| CVE-2022-50907 | 1 E107 | 2 E107, E107 Cms | 2026-04-07 | 7.2 High |
| e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL parameter, enabling remote code execution through the Media Manager import feature. | ||||