Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2021-02-22 CVE-2021-3120 Unrestricted Upload of File with Dangerous Type vulnerability in Yithemes Yith Woocommerce Gift Cards
An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server.
network
low complexity
yithemes CWE-434
critical
9.8
2021-02-22 CVE-2021-27513 Unrestricted Upload of File with Dangerous Type vulnerability in Eyesofnetwork 5.310
The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."
network
low complexity
eyesofnetwork CWE-434
8.8
2021-02-17 CVE-2021-26809 Unrestricted Upload of File with Dangerous Type vulnerability in PHPgurukul CAR Rental Portal 2.0
PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php.
network
low complexity
phpgurukul CWE-434
critical
9.8
2021-02-17 CVE-2021-25780 Unrestricted Upload of File with Dangerous Type vulnerability in Baby Care System Project Baby Care System 1.0
An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0.
network
low complexity
baby-care-system-project CWE-434
7.2
2021-02-17 CVE-2021-22858 Unrestricted Upload of File with Dangerous Type vulnerability in Changjia Property Management System Project Changjia Property Management System 1.00
Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions.
8.8
2021-02-15 CVE-2020-4955 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Spectrum Protect Operations Center
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation.
low complexity
ibm CWE-434
8.0
2021-02-10 CVE-2020-28871 Unrestricted Upload of File with Dangerous Type vulnerability in Monitorr 1.7.6M
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.
network
low complexity
monitorr CWE-434
critical
9.8
2021-02-09 CVE-2021-21131 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
network
low complexity
google microsoft CWE-434
6.5
2021-02-09 CVE-2021-26918 Unrestricted Upload of File with Dangerous Type vulnerability in Probot BOT 20210208
The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature (or possibly have unspecified other impact) because the uploader web service allows double extensions (such as .html.jpg) with the text/html content type.
network
low complexity
probot CWE-434
critical
9.8
2021-02-02 CVE-2020-25037 Unrestricted Upload of File with Dangerous Type vulnerability in Ucopia Wireless Appliance 6.0.5
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command.
local
low complexity
ucopia CWE-434
8.2