All CosmicBytez Labs articles tagged #File Upload, across news, security advisories, how-to guides, and projects.
A critical unauthenticated arbitrary file upload vulnerability in Delta Sql 1.8.2 allows attackers to upload malicious PHP files and achieve remote code...
A critical arbitrary file upload vulnerability in CubeCart's REST API File Manager allows holders of a files:rw API key to upload PHP webshells to the web...
MStore API 2.0.6 for WordPress allows unauthenticated attackers to upload arbitrary PHP files via the REST API config_file endpoint, achieving remote code...
OpenCATS 0.9.4 allows unauthenticated attackers to upload malicious PHP files through the careers job application endpoint, achieving remote code...
A critical unauthenticated arbitrary file upload vulnerability in the User Registration Advanced Fields plugin for WordPress allows attackers to upload...
Open Source Social Network (OSSN) versions prior to 9.0 are vulnerable to resource exhaustion via specially crafted image uploads with extreme pixel...
Threat actors are mass-exploiting a critical unauthenticated file upload vulnerability in the Breeze Cache WordPress plugin, uploading PHP webshells to...
A critical unauthenticated file upload vulnerability in the Breeze Cache WordPress plugin allows attackers to upload arbitrary files to affected servers...
Kentico Xperience contains a path traversal vulnerability allowing an authenticated user's Staging Sync Server to upload arbitrary data to relative path...
The CMP Coming Soon & Maintenance Plugin for WordPress contains a critical arbitrary file upload flaw that allows subscriber-level authenticated users to...
FalkorDB Browser 1.9.3 contains a critical unauthenticated path traversal vulnerability in its file upload API that allows remote attackers to write...
A critical CVSS 9.8 vulnerability in the Quick Playground WordPress plugin (versions up to 1.3.1) allows unauthenticated attackers to upload arbitrary...
Snews CMS 1.7 contains a critical unrestricted file upload vulnerability allowing unauthenticated attackers to upload PHP webshells to the snews_files...
CVE-2015-20115 is a stored cross-site scripting vulnerability in RealtyScript 4.0.2 that allows authenticated attackers to upload malicious script files...
A critical unauthenticated arbitrary file upload vulnerability in the WPvivid Backup & Migration plugin allows remote code execution on over 900,000...