Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2023-07-03 CVE-2020-22153 Unrestricted Upload of File with Dangerous Type vulnerability in Thedaylightstudio Fuel CMS 1.4.6
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.
network
low complexity
thedaylightstudio CWE-434
critical
9.8
2023-06-30 CVE-2023-32621 Unrestricted Upload of File with Dangerous Type vulnerability in Wavlink Wl-Wn531Ax2 Firmware
WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege.
network
low complexity
wavlink CWE-434
7.2
2023-06-30 CVE-2020-18432 Unrestricted Upload of File with Dangerous Type vulnerability in Sem-Cms Semcms 3.7
File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges.
network
low complexity
sem-cms CWE-434
critical
9.8
2023-06-29 CVE-2023-34738 Unrestricted Upload of File with Dangerous Type vulnerability in Chemex
Chemex through 3.7.1 is vulnerable to arbitrary file upload.
network
low complexity
chemex CWE-434
critical
9.8
2023-06-28 CVE-2023-34736 Unrestricted Upload of File with Dangerous Type vulnerability in Guantang Equipment Management System Project Guantang Equipment Management System 4.12
Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload.
7.2
2023-06-28 CVE-2022-44276 Unrestricted Upload of File with Dangerous Type vulnerability in Tecrail Responsive Filemanager
In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE.
network
low complexity
tecrail CWE-434
critical
9.8
2023-06-26 CVE-2023-33404 Unrestricted Upload of File with Dangerous Type vulnerability in Blogengine Blogengine.Net
An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code.
network
low complexity
blogengine CWE-434
critical
9.8
2023-06-26 CVE-2020-20210 Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.9.2
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.
network
low complexity
bludit CWE-434
8.8
2023-06-25 CVE-2023-36630 Unrestricted Upload of File with Dangerous Type vulnerability in Mgt-Commerce Cloudpanel
In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass.
network
low complexity
mgt-commerce CWE-434
8.8
2023-06-24 CVE-2023-1721 Unrestricted Upload of File with Dangerous Type vulnerability in Yoga Class Registration System Project Yoga Class Registration System 1.0
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server.
7.2