
CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Aug 2024 — The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and including, 9.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/acymailing/trunk/back/libraries/wordpress/file.php#L47 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Aug 2023 — Unrestricted Upload of File with Dangerous Type vulnerability in AcyMailing component for Joomla. It allows remote code execution. • https://extensions.joomla.org/extension/acymailing-starter • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Mar 2020 — Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. • http://jvn.jp/en/jp/JVN56890693/index.html • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

09 Mar 2020 — SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php. • https://labs.integrity.pt/advisories/cve-2015-7338 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 3% • CPEs: 1 • EXPL: 2

28 Mar 2018 — CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export. Joomla Acymailing Starter compone... • https://packetstorm.news/files/id/146993 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CVSS: 8.8 • EPSS: 1% • CPEs: 1 • EXPL: 2

28 Mar 2018 — CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export. Joomla AcySMS component version 3.5.0 suff... • https://packetstorm.news/files/id/146992 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File