Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2021-07-07 CVE-2021-34623 Unrestricted Upload of File with Dangerous Type vulnerability in Properfraction Profilepress
A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates.
network
low complexity
properfraction CWE-434
critical
9.8
2021-07-07 CVE-2021-34624 Unrestricted Upload of File with Dangerous Type vulnerability in Properfraction Profilepress
A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates.
network
low complexity
properfraction CWE-434
critical
9.8
2021-07-06 CVE-2020-22249 Unrestricted Upload of File with Dangerous Type vulnerability in PHPlist 3.5.1
Remote Code Execution vulnerability in phplist 3.5.1.
network
low complexity
phplist CWE-434
critical
9.8
2021-06-29 CVE-2021-20104 Unrestricted Upload of File with Dangerous Type vulnerability in Machform
Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.
network
high complexity
machform CWE-434
8.1
2021-06-25 CVE-2021-34427 Unrestricted Upload of File with Dangerous Type vulnerability in Eclipse Business Intelligence and Reporting Tools
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.
network
low complexity
eclipse CWE-434
critical
9.8
2021-06-25 CVE-2021-34074 Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS
PandoraFMS <=7.54 allows arbitrary file upload, leading to remote command execution via the File Manager.
network
low complexity
pandorafms CWE-434
critical
9.8
2021-06-24 CVE-2020-21786 Unrestricted Upload of File with Dangerous Type vulnerability in Ibos 4.5.4
In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php.
network
low complexity
ibos CWE-434
critical
9.8
2021-06-24 CVE-2020-21787 Unrestricted Upload of File with Dangerous Type vulnerability in Crmeb 3.1.0+
CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.
network
low complexity
crmeb CWE-434
critical
9.8
2021-06-23 CVE-2021-28976 Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimplecms
Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar files.
network
low complexity
get-simple CWE-434
7.2
2021-06-21 CVE-2020-19510 Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.7.3
Textpattern 4.7.3 contains an arbitrary file load via the file_insert function in include/txp_file.php.
network
low complexity
textpattern CWE-434
critical
9.8