Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-26 | CVE-2022-28528 | Unrestricted Upload of File with Dangerous Type vulnerability in Bloofox Bloofoxcms 0.5.2.1 bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. | 8.8 |
| 2022-04-26 | CVE-2022-27468 | Unrestricted Upload of File with Dangerous Type vulnerability in Monstaftp Monsta FTP 2.10.3 Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server. | 9.8 |
| 2022-04-25 | CVE-2021-39040 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics Workspace 2.0 IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. | 8.0 |
| 2022-04-25 | CVE-2022-22392 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics Workspace 2.0 IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. | 7.8 |
| 2022-04-25 | CVE-2022-28053 | Unrestricted Upload of File with Dangerous Type vulnerability in Typemill 1.5.3 Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. | 8.8 |
| 2022-04-21 | CVE-2022-27478 | Unrestricted Upload of File with Dangerous Type vulnerability in Victor CMS Project Victor CMS 1.0 Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin. | 8.8 |
| 2022-04-21 | CVE-2022-28021 | Unrestricted Upload of File with Dangerous Type vulnerability in Purchase Order Management System Project Purchase Order Management System 1.0 Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /purchase_order/admin/?page=user. | 9.8 |
| 2022-04-21 | CVE-2022-28440 | Unrestricted Upload of File with Dangerous Type vulnerability in Ucms Project Ucms 1.6 An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file. | 8.8 |
| 2022-04-12 | CVE-2022-27139 | Unrestricted Upload of File with Dangerous Type vulnerability in Ghost 4.39.0 An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. | 9.8 |
| 2022-04-12 | CVE-2022-27140 | Unrestricted Upload of File with Dangerous Type vulnerability in Express-Fileupload Project Express-Fileupload 1.3.1 An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 |