Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2022-10-12 CVE-2022-41406 Unrestricted Upload of File with Dangerous Type vulnerability in Church Management System Project Church Management System 1.0
An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
church-management-system-project CWE-434
7.2
7.2
2022-10-11 CVE-2022-40777 Unrestricted Upload of File with Dangerous Type vulnerability in Interspire Email Marketer
Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI.
network
low complexity
interspire CWE-434
8.8
8.8
2022-10-11 CVE-2022-41380 Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Yaml 0.1.0
The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party.
network
low complexity
democritus CWE-434
critical
 9.8
9.8
2022-10-11 CVE-2022-41381 Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Utility 0.1.0
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party.
network
low complexity
democritus CWE-434
critical
 9.8
9.8
2022-10-11 CVE-2022-41382 Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Json 0.1.0
The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party.
network
low complexity
democritus CWE-434
critical
 9.8
9.8
2022-10-11 CVE-2022-41383 Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Archives 0.1.0
The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party.
network
low complexity
democritus CWE-434
critical
 9.8
9.8
2022-10-11 CVE-2022-41384 Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Domains 0.1.0
The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party.
network
low complexity
democritus CWE-434
critical
 9.8
9.8
2022-10-11 CVE-2022-41385 Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Html 0.1.0
The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party.
network
low complexity
democritus CWE-434
critical
 9.8
9.8
2022-10-11 CVE-2022-41386 Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Utility 0.1.0
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party.
network
low complexity
democritus CWE-434
critical
 9.8
9.8
2022-10-11 CVE-2022-41387 Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Pdfs 0.1.0
The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party.
network
low complexity
democritus CWE-434
critical
 9.8
9.8