CVE-2026-33560
The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated
CVSS
7.1
Alto
EPSS
0.5%
p37
KEV
—
Exploit Today
11
0-100
Publicado: 26 jun 2026 · Última mod.: 6 jul 2026 · CWE-434
0.3%EPSS · 30 días0.5%
2026-06-302026-07-17
The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and scripts to be accepted and written directly to the server.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-562909.8 CRÍ85.4%
KEV—76Joomlack Page Builder Improper Access Control Vulnerability10dCVE-2026-489089.8 CRÍ72.6%
KEV—72JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability10dCVE-2026-489399.8 CRÍ71.5%
KEV—71iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability7dCVE-2026-562919.8 CRÍ53.7%
KEV—66Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability7dCVE-2023-388368.8 ALT99.3%
——30File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.10dCVE-2023-464747.2 ALT97.3%
——29File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.10d