Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-05-05 | CVE-2022-1411 | Unrestricted Upload of File with Dangerous Type vulnerability in Yetiforce Customer Relationship Management | Unrestricted file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | 4.3 |
2022-05-04 | CVE-2022-28568 | Unrestricted Upload of File with Dangerous Type vulnerability in Simple Doctor's Appointment System Project Simple Doctor's Appointment System 1.0 | Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. | 7.5 |
2022-05-04 | CVE-2022-29347 | Unrestricted Upload of File with Dangerous Type vulnerability in Web@Rchiv Project Web@Rchiv 1.0 | An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file. | 9.8 |
2022-05-03 | CVE-2022-29001 | Unrestricted Upload of File with Dangerous Type vulnerability in Springbootmovie Project Springbootmovie 1.0/1.1/1.2 | In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability. | 6.5 |
2022-05-03 | CVE-2022-20743 | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Firepower Management Center | A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system. | 8.8 |
2022-05-02 | CVE-2022-1273 | Unrestricted Upload of File with Dangerous Type vulnerability in Importwp Import WP | The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE. | 6.5 |
2022-04-29 | CVE-2022-29451 | Unrestricted Upload of File with Dangerous Type vulnerability in Rarathemes Rara ONE Click Demo Import | Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory. | 6.8 |
2022-04-28 | CVE-2021-43934 | Unrestricted Upload of File with Dangerous Type vulnerability in Smartptt Scada 1.1 | Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files. | 7.5 |
2022-04-28 | CVE-2021-41921 | Unrestricted Upload of File with Dangerous Type vulnerability in Xxyopen Novel-Plus 3.6.1 | novel-plus V3.6.1 allows unrestricted file uploads. | 9.8 |
2022-04-26 | CVE-2022-28525 | Unrestricted Upload of File with Dangerous Type vulnerability in Ed01-Cms Project Ed01-Cms 20180505 | ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1. | 6.5 |