Search results mapped to CWE-434 (24)
[Original] Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability.
[Original] Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.
[Original] Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
[Original] In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code.
[Original] Absolute path traversal vulnerability in the file_manager component of eFront CMS before 126.96.36.199 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php.
[Original] The file_manager component in eFront CMS before 188.8.131.52 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL.