Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-0517 Unrestricted Upload of File with Dangerous Type vulnerability in Mozilla VPN
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory.
local
low complexity
mozilla CWE-434
7.8
2022-12-22 CVE-2022-46102 Unrestricted Upload of File with Dangerous Type vulnerability in Ayacms Project Ayacms 3.1.2
AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php
network
low complexity
ayacms-project CWE-434
critical
9.8
2022-12-22 CVE-2022-45966 Unrestricted Upload of File with Dangerous Type vulnerability in Classcms Project Classcms 3.5
There is an arbitrary file upload vulnerability in the file management function module of Classcms3.5.
network
low complexity
classcms-project CWE-434
critical
9.8
2022-12-20 CVE-2022-46020 Unrestricted Upload of File with Dangerous Type vulnerability in Wbce CMS 1.5.4
WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.
network
low complexity
wbce CWE-434
critical
9.8
2022-12-16 CVE-2022-46135 Unrestricted Upload of File with Dangerous Type vulnerability in Aerocms Project Aerocms 0.0.1
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post, through which we can upload webshell and control the web server.
network
low complexity
aerocms-project CWE-434
7.2
2022-12-15 CVE-2022-45338 Unrestricted Upload of File with Dangerous Type vulnerability in Exactsoftware Exact Synergy 267/500
An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file.
local
low complexity
exactsoftware CWE-434
7.8
2022-12-15 CVE-2020-20588 Unrestricted Upload of File with Dangerous Type vulnerability in Ibarn Project Ibarn 1.5
File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote attackers to run arbitrary code via avatar upload to index.php.
network
low complexity
ibarn-project CWE-434
8.8
2022-12-13 CVE-2022-41267 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 420/430
SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrity, and availability of the application.
network
low complexity
sap CWE-434
8.8
2022-12-12 CVE-2022-45275 Unrestricted Upload of File with Dangerous Type vulnerability in Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System 1.0
An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
7.2
2022-12-12 CVE-2022-3912 Unrestricted Upload of File with Dangerous Type vulnerability in Wpeverest User Registration
The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.
network
low complexity
wpeverest CWE-434
7.5