Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2021-09-09 CVE-2020-19267 Unrestricted Upload of File with Dangerous Type vulnerability in Dswjcms Project Dswjcms 1.6.4
An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.
network
low complexity
dswjcms-project CWE-434
7.5
2021-09-08 CVE-2020-19138 Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".
network
low complexity
dotcms CWE-434
critical
10.0
2021-09-08 CVE-2021-36440 Unrestricted Upload of File with Dangerous Type vulnerability in Showdoc 2.9.5
Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'.
network
low complexity
showdoc CWE-434
7.5
2021-09-07 CVE-2021-38841 Unrestricted Upload of File with Dangerous Type vulnerability in Simple Water Refilling Station Management System Project Simple Water Refilling Station Management System 1.0
Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action.
6.5
2021-09-05 CVE-2021-40524 Unrestricted Upload of File with Dangerous Type vulnerability in Pureftpd Pure-Ftpd 1.0.49
In Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang.
network
low complexity
pureftpd CWE-434
5.0
2021-09-01 CVE-2021-36024 Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint.
network
low complexity
adobe CWE-434
6.5
2021-09-01 CVE-2021-36034 Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability.
network
low complexity
adobe CWE-434
6.5
2021-09-01 CVE-2021-36040 Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability.
network
low complexity
adobe CWE-434
6.5
2021-09-01 CVE-2021-36041 Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability.
network
low complexity
adobe CWE-434
6.5
2021-09-01 CVE-2021-36042 Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension.
network
low complexity
adobe CWE-434
6.5