Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2022-11-30 CVE-2022-4232 Unrestricted Upload of File with Dangerous Type vulnerability in Event Registration System Project Event Registration System 1.0
A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0.
network
low complexity
event-registration-system-project CWE-434
critical
9.8
2022-11-29 CVE-2022-44354 Unrestricted Upload of File with Dangerous Type vulnerability in Contec Solarview Compact Firmware 4.0/5.0
SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.
network
low complexity
contec CWE-434
critical
9.8
2022-11-28 CVE-2022-38140 Unrestricted Upload of File with Dangerous Type vulnerability in Squirrly SEO Plugin BY Squirrly SEO
Auth.
network
low complexity
squirrly CWE-434
8.8
2022-11-28 CVE-2022-44400 Unrestricted Upload of File with Dangerous Type vulnerability in Purchase Order Management System Project Purchase Order Management System 1.0
Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info.
network
low complexity
purchase-order-management-system-project CWE-434
critical
9.8
2022-11-28 CVE-2022-44401 Unrestricted Upload of File with Dangerous Type vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0
Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php.
9.8
2022-11-25 CVE-2022-41705 Unrestricted Upload of File with Dangerous Type vulnerability in Uatech Badaso 2.6.3
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server.
network
low complexity
uatech CWE-434
critical
9.8
2022-11-25 CVE-2022-45039 Unrestricted Upload of File with Dangerous Type vulnerability in Wbce CMS 1.5.4
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
wbce CWE-434
7.2
2022-11-23 CVE-2021-43258 Unrestricted Upload of File with Dangerous Type vulnerability in Churchdb Churchinfo 1.2.13/1.2.14/1.3.0
CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads.
network
low complexity
churchdb CWE-434
8.8
2022-11-23 CVE-2020-23591 Unrestricted Upload of File with Dangerous Type vulnerability in Optilinknetwork Op-Xt71000N Firmware 3.3.1191028
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through " /mgm_dev_upgrade.asp " which can "delete every file for Denial of Service (using 'rm -rf *.*' in the code), reverse connection (using '.asp' webshell), backdoor.
network
low complexity
optilinknetwork CWE-434
critical
9.8
2022-11-22 CVE-2022-2791 Unrestricted Upload of File with Dangerous Type vulnerability in Emerson Proficy
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC.
local
low complexity
emerson CWE-434
7.8