CVE-2024-3112

CVSS v3 Score
4.9
Medium

Vulnerability Description

The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate uploaded image files, allowing high-privilege users such as admin to upload arbitrary files to the server even when they should not be allowed to (for example, in a multisite setup).

CVSS:4.9(Medium)

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.

CVSS:4.9(Medium)

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/modul...

CVSS:4.9(Medium)

Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save.

CVSS:4.9(Medium)

In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,

CVSS:4.9(Medium)

An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the M...

CVSS:4.9(Medium)

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious...