Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2022-04-12 CVE-2022-27263 Unrestricted Upload of File with Dangerous Type vulnerability in Strapi 4.1.5
An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file.
network
low complexity
strapi CWE-434
critical
 9.8
9.8
2022-04-12 CVE-2022-27952 Unrestricted Upload of File with Dangerous Type vulnerability in Payloadcms Payload 0.15.0
An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file.
network
low complexity
payloadcms CWE-434
critical
 9.8
9.8
2022-04-12 CVE-2022-28397 Unrestricted Upload of File with Dangerous Type vulnerability in Ghost 4.42.0
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file.
network
low complexity
ghost CWE-434
critical
 9.8
9.8
2022-04-11 CVE-2022-24837 Unrestricted Upload of File with Dangerous Type vulnerability in Hedgedoc 1.9.1/1.9.2
HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor.
network
low complexity
hedgedoc CWE-434
5.3
5.3
2022-04-11 CVE-2022-27115 Unrestricted Upload of File with Dangerous Type vulnerability in Std42 Elfinder 2.1.60
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.
network
low complexity
std42 CWE-434
critical
 9.8
9.8
2022-04-10 CVE-2022-27129 Unrestricted Upload of File with Dangerous Type vulnerability in Zbzcms 1.0
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
zbzcms CWE-434
critical
 9.8
9.8
2022-04-10 CVE-2022-27131 Unrestricted Upload of File with Dangerous Type vulnerability in Zbzcms 1.0
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
zbzcms CWE-434
critical
 9.8
9.8
2022-04-10 CVE-2022-27477 Unrestricted Upload of File with Dangerous Type vulnerability in Newbee-Mall Project Newbee-Mall 1.0
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.
network
low complexity
newbee-mall-project CWE-434
critical
 9.8
9.8
2022-04-08 CVE-2022-27047 Unrestricted Upload of File with Dangerous Type vulnerability in Moguit Mogu Blog CMS 5.2
mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation.
network
low complexity
moguit CWE-434
critical
 9.8
9.8
2022-04-08 CVE-2021-46367 Unrestricted Upload of File with Dangerous Type vulnerability in Ritecms
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel.
network
low complexity
ritecms CWE-434
7.2
7.2