CVE-2023-7054

MEDIUM Year: 2023
CVSS v3 Score
5.4
Medium
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-434
View all →

Vulnerability Description

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248741 was assigned to this vulnerability.

Related Vulnerabilities

CVE-2016-2914

MEDIUM
CVSS:5.4(Medium)

Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specify...

CWE-4342016

CVE-2019-19493

MEDIUM
CVSS:5.4(Medium)

Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.

CWE-4342019

CVE-2019-6513

MEDIUM
CVSS:5.4(Medium)

An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.

CWE-4342019

CVE-2020-26828

MEDIUM
CVSS:5.4(Medium)

SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. In some file types it is possible to enter formulas which ca...

CWE-4342020

CVE-2020-2730

MEDIUM
CVSS:5.4(Medium)

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload). Supported versions that are affected are 2.7.0...

CWE-4342020

CVE-2021-24960

MEDIUM
CVSS:5.4(Medium)

The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way ...

CWE-4342021