Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-28 | CVE-2022-44400 | Unrestricted Upload of File with Dangerous Type vulnerability in Purchase Order Management System Project Purchase Order Management System 1.0 Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info. | 9.8 |
| 2022-11-28 | CVE-2022-44401 | Unrestricted Upload of File with Dangerous Type vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0 Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php. | 9.8 |
| 2022-11-25 | CVE-2022-41705 | Unrestricted Upload of File with Dangerous Type vulnerability in Uatech Badaso 2.6.3 Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. | 9.8 |
| 2022-11-25 | CVE-2022-45476 | Unrestricted Upload of File with Dangerous Type vulnerability in Tiny File Manager Project Tiny File Manager 2.4.8 Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. | 9.8 |
| 2022-11-25 | CVE-2022-45039 | Unrestricted Upload of File with Dangerous Type vulnerability in Wbce CMS 1.5.4 An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 |
| 2022-11-23 | CVE-2021-43258 | Unrestricted Upload of File with Dangerous Type vulnerability in Churchdb Churchinfo 1.2.13/1.2.14/1.3.0 CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. | 8.8 |
| 2022-11-23 | CVE-2020-23591 | Unrestricted Upload of File with Dangerous Type vulnerability in Optilinknetwork Op-Xt71000N Firmware 3.3.1191028 A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through " /mgm_dev_upgrade.asp " which can "delete every file for Denial of Service (using 'rm -rf *.*' in the code), reverse connection (using '.asp' webshell), backdoor. | 9.8 |
| 2022-11-22 | CVE-2022-30529 | Unrestricted Upload of File with Dangerous Type vulnerability in Isic.Lk Project Isic.Lk File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php. | 7.2 |
| 2022-11-18 | CVE-2022-42698 | Unrestricted Upload of File with Dangerous Type vulnerability in Api2Cart Bridge Connector 1.0.0/1.1.0 Unauth. | 9.8 |
| 2022-11-17 | CVE-2022-40200 | Unrestricted Upload of File with Dangerous Type vulnerability in Gvectors Wpforo Forum Auth. | 8.8 |