Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-14 | CVE-2021-43617 | Unrestricted Upload of File with Dangerous Type vulnerability in Laravel Framework: Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. | 9.8 |
2021-11-11 | CVE-2021-41833 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Patch Connect Plus 9.0.0: Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. | 9.8 |
2021-11-08 | CVE-2020-23572 | Unrestricted Upload of File with Dangerous Type vulnerability in Beescms 4.0: BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. | 8.8 |
2021-11-08 | CVE-2021-28023 | Unrestricted Upload of File with Dangerous Type vulnerability in Servicetonic: Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths. | 9.8 |
2021-11-08 | CVE-2021-31599 | Unrestricted Upload of File with Dangerous Type vulnerability in Hitachi products: An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. | 8.8 |
2021-11-08 | CVE-2021-34685 | Unrestricted Upload of File with Dangerous Type vulnerability in Hitachi Vantara Pentaho: UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. | 7.2 |
2021-11-05 | CVE-2021-42669 | Unrestricted Upload of File with Dangerous Type vulnerability in Engineers Online Portal Project Engineers Online Portal: A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. | 9.8 |
2021-11-03 | CVE-2020-18261 | Unrestricted Upload of File with Dangerous Type vulnerability in Ed01-Cms Project Ed01-Cms 1.0: An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands. | 9.8 |
2021-11-01 | CVE-2021-26740 | Unrestricted Upload of File with Dangerous Type vulnerability in Doyocms Project Doyocms 2.3: Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code. | 9.8 |
2021-11-01 | CVE-2021-38847 | Unrestricted Upload of File with Dangerous Type vulnerability in S-Cart: S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. | 8.8 |