CVE-2023-26877

MEDIUM Year: 2023
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute arbitrary code via a .php file upload to the form/efms_exec_html/file_upload_parser.php endpoint.

Related Vulnerabilities

CVE-2017-18468

MEDIUM
CVSS:6.3(Medium)

cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).

CWE-942017

CVE-2018-20931

MEDIUM
CVSS:6.3(Medium)

cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).

CWE-942018

CVE-2019-1577

MEDIUM
CVSS:6.3(Medium)

Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML.

CWE-942019

CVE-2020-11056

MEDIUM
CVSS:6.3(Medium)

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has...

CWE-942020

CVE-2023-27897

MEDIUM
CVSS:6.3(Medium)

In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an ...

CWE-942023

CVE-2023-40621

MEDIUM
CVSS:6.3(Medium)

SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on ...

CWE-942023