Page 8 of 35023 results (0.139 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution. • https://github.com/RandomRobbieBF/CVE-2024-10586 https://plugins.trac.wordpress.org/browser/debug-tool/trunk/tools/image-puller.php#L120 https://www.wordfence.com/threat-intel/vulnerabilities/id/5e9d5c93-dcd7-450e-8c52-5c95fc5473d2?source=cve • CWE-862: Missing Authorization •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/user-extra-fields/12949844 https://www.wordfence.com/threat-intel/vulnerabilities/id/6a60e2c3-4597-4b21-ad20-6a00e483fcf1?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: -EPSS: 0%CPEs: -EXPL: 0

An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component. • https://github.com/havok89/Hoosk/issues/66 •

CVSS: -EPSS: 0%CPEs: -EXPL: 0

File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component. • https://co-a1natas.feishu.cn/docx/GuYjd2lDEoxNhVxPa9Yc1akknee •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://codecanyon.net/item/woocommerce-support-ticket-system/17930050 https://www.wordfence.com/threat-intel/vulnerabilities/id/ddf1cecd-c630-498d-9aa0-3d0adeb73033?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •