Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2021-11-08 CVE-2021-34685 Unrestricted Upload of File with Dangerous Type vulnerability in Hitachi Vantara Pentaho
UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types.
network
low complexity
hitachi CWE-434
6.5
2021-11-05 CVE-2021-42669 Unrestricted Upload of File with Dangerous Type vulnerability in Engineers Online Portal Project Engineers Online Portal
A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php.
network
low complexity
engineers-online-portal-project CWE-434
critical
10.0
2021-11-03 CVE-2020-18261 Unrestricted Upload of File with Dangerous Type vulnerability in Ed01-Cms Project Ed01-Cms 1.0
An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands.
network
low complexity
ed01-cms-project CWE-434
7.5
2021-11-01 CVE-2021-26740 Unrestricted Upload of File with Dangerous Type vulnerability in Doyocms Project Doyocms 2.3
Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code.
network
low complexity
doyocms-project CWE-434
7.5
2021-11-01 CVE-2021-38847 Unrestricted Upload of File with Dangerous Type vulnerability in S-Cart
S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel.
network
low complexity
s-cart CWE-434
6.5
2021-10-29 CVE-2021-41646 Unrestricted Upload of File with Dangerous Type vulnerability in Online Reviewer System Project Online Reviewer System 1.0
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters..
network
low complexity
online-reviewer-system-project CWE-434
7.5
2021-10-29 CVE-2021-41643 Unrestricted Upload of File with Dangerous Type vulnerability in Church Management System Project Church Management System 1.0
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.
network
low complexity
church-management-system-project CWE-434
7.5
2021-10-29 CVE-2021-41644 Unrestricted Upload of File with Dangerous Type vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0
Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters.
7.5
2021-10-29 CVE-2021-41645 Unrestricted Upload of File with Dangerous Type vulnerability in Oretnom23 Budget and Expense Tracker System 1.0
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field.
network
low complexity
oretnom23 CWE-434
8.8
2021-10-29 CVE-2021-41675 Unrestricted Upload of File with Dangerous Type vulnerability in E-Negosyo System Project E-Negosyo System 1.0
A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei.
network
low complexity
e-negosyo-system-project CWE-434
6.5