Vulnerabilities > Unrestricted Upload of File with Dangerous Type

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2023-03-16 | CVE-2023-1433 | Unrestricted Upload of File with Dangerous Type vulnerability in Gadget Works Online Ordering System Project Gadget Works Online Ordering System 1.0 | A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. | 7.2 |
| 2023-03-15 | CVE-2023-28337 | Unrestricted Upload of File with Dangerous Type vulnerability in Netgear Rax30 Firmware | When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. | network, low complexity, netgear CWE-434, 8.8 |
| 2023-03-15 | CVE-2023-1415 | Unrestricted Upload of File with Dangerous Type vulnerability in Simple ART Gallery Project Simple ART Gallery 1.0 | A vulnerability was found in Simple Art Gallery 1.0. | network, low complexity, simple-art-gallery-project CWE-434, 8.8 |
| 2023-03-15 | CVE-2023-27235 | Unrestricted Upload of File with Dangerous Type vulnerability in Jizhicms 2.4.5 | An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. | network, low complexity, jizhicms CWE-434, 7.2 |
| 2023-03-15 | CVE-2023-27757 | Unrestricted Upload of File with Dangerous Type vulnerability in Perfree Perfreeblog 3.1.1 | An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file. | network, low complexity, perfree CWE-434, critical, 9.8 |
| 2023-03-14 | CVE-2023-26262 | Unrestricted Upload of File with Dangerous Type vulnerability in Sitecore Experience Manager and Experience Platform | An issue was discovered in Sitecore XP/XM 10.3. | network, low complexity, sitecore CWE-434, 8.8 |
| 2023-03-14 | CVE-2023-1391 | Unrestricted Upload of File with Dangerous Type vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0 | A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. | 9.8 |
| 2023-03-14 | CVE-2023-1392 | Unrestricted Upload of File with Dangerous Type vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0 | A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. | network, low complexity, online-pizza-ordering-system-project CWE-434, critical, 9.8 |
| 2023-03-13 | CVE-2023-0477 | Unrestricted Upload of File with Dangerous Type vulnerability in Cm-Wp Auto Featured Image | The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP files. | network, low complexity, cm-wp CWE-434, 8.8 |
| 2023-03-10 | CVE-2023-23328 | Unrestricted Upload of File with Dangerous Type vulnerability in Avantfax 3.3.7 | A File Upload vulnerability exists in AvantFAX 3.3.7. | network, low complexity, avantfax CWE-434, 8.8 |