Vulnerabilities > Unrestricted Upload of File with Dangerous Type

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-01-22 | CVE-2024-22895 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.112 | DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. | network; low complexity; dedecms CWE-434; 8.8 |
| 2024-01-20 | CVE-2023-51924 | Unrestricted Upload of File with Dangerous Type vulnerability in Yonyou Yonbip 323.05 | An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | network; low complexity; yonyou CWE-434; critical; 9.8 |
| 2024-01-20 | CVE-2023-51925 | Unrestricted Upload of File with Dangerous Type vulnerability in Yonyou Yonbip 323.05 | An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | network; low complexity; yonyou CWE-434; critical; 9.8 |
| 2024-01-20 | CVE-2021-31314 | Unrestricted Upload of File with Dangerous Type vulnerability in Ejinshan Terminal Security System 8.0 | File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server. | network; low complexity; ejinshan CWE-434; critical; 9.8 |
| 2024-01-20 | CVE-2023-51928 | Unrestricted Upload of File with Dangerous Type vulnerability in Yonyou Yonbip 323.05 | An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | network; low complexity; yonyou CWE-434; critical; 9.8 |
| 2024-01-19 | CVE-2023-27168 | Unrestricted Upload of File with Dangerous Type vulnerability in Xpand-It Write-Back Manager 2.3.1 | An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file. | network; low complexity; xpand-it CWE-434; critical; 9.8 |
| 2024-01-19 | CVE-2024-0713 | Unrestricted Upload of File with Dangerous Type vulnerability in Monitorr 1.7.6M | A vulnerability was found in Monitorr 1.7.6m. | network; low complexity; monitorr CWE-434; 8.8 |
| 2024-01-18 | CVE-2023-40051 | Unrestricted Upload of File with Dangerous Type vulnerability in Progress Openedge and Openedge Innovation | This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. | network; low complexity; progress CWE-434; critical; 9.9 |
| 2024-01-16 | CVE-2022-1538 | Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import 1.1.1 | Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed. | network; low complexity; themely CWE-434; 7.2 |
| 2024-01-16 | CVE-2023-4536 | Unrestricted Upload of File with Dangerous Type vulnerability in Koalaapps MY Account Page Editor | The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated user, such as a subscriber, to upload arbitrary files to the server, leading to RCE. | network; low complexity; koalaapps CWE-434; 8.8 |