Vulnerabilities > Unrestricted Upload of File with Dangerous Type

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2023-10-14 | CVE-2023-45856 | Unrestricted Upload of File with Dangerous Type vulnerability in Qdpm 9.2 | qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI. | network, low complexity, qdpm, CWE-434 | critical 9.8 |
| 2023-10-11 | CVE-2023-44962 | Unrestricted Upload of File with Dangerous Type vulnerability in Koha-Community Koha Library Software | File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component. | network, low complexity, koha-community, CWE-434 | 5.3 |
| 2023-10-10 | CVE-2023-44763 | Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS 9.2.1 | Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS). | network, low complexity, concretecms, CWE-434 | 5.4 |
| 2023-10-09 | CVE-2023-43696 | Unrestricted Upload of File with Dangerous Type vulnerability in Sick Apu0200 Firmware | Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server. | network, low complexity, sick, CWE-434 | critical 9.8 |
| 2023-10-09 | CVE-2023-45353 | Unrestricted Upload of File with Dangerous Type vulnerability in Atos Unify Openscape Common Management 10 | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common Management Portal web interface for Authenticated remote upload and creation of arbitrary files affecting the underlying operating system. | network, low complexity, atos, CWE-434 | 8.8 |
| 2023-10-06 | CVE-2023-44061 | Unrestricted Upload of File with Dangerous Type vulnerability in Simple and Nice Shopping Cart Script Project Simple and Nice Shopping Cart Script 1.0 | File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. | | 8.8 |
| 2023-10-05 | CVE-2023-43269 | Unrestricted Upload of File with Dangerous Type vulnerability in Pigcms 7.0 | pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability. | network, low complexity, pigcms, CWE-434 | critical 9.8 |
| 2023-10-04 | CVE-2023-43321 | Unrestricted Upload of File with Dangerous Type vulnerability in Dcnetworks Dcfw-1800-Sdc Firmware 3.0 | File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component. | network, low complexity, dcnetworks, CWE-434 | 8.8 |
| 2023-10-04 | CVE-2023-43838 | Unrestricted Upload of File with Dangerous Type vulnerability in Personal-Management-System Personal Management System 1.4.64 | An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar. | local, low complexity, personal-management-system, CWE-434 | 7.8 |
| 2023-10-03 | CVE-2023-44973 | Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 2.2.0 | An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | network, low complexity, emlog, CWE-434 | critical 9.8 |