Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2022-04-12 CVE-2022-27140 Unrestricted Upload of File with Dangerous Type vulnerability in Express-Fileupload Project Express-Fileupload 1.3.1
An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
express-fileupload-project CWE-434
critical
 9.8
9.8
2022-04-12 CVE-2022-27260 Unrestricted Upload of File with Dangerous Type vulnerability in Buttercms 1.2.8
An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file.
network
low complexity
buttercms CWE-434
critical
 9.8
9.8
2022-04-12 CVE-2022-27261 Unrestricted Upload of File with Dangerous Type vulnerability in Express-Fileupload Project Express-Fileupload 1.3.1
An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server.
network
low complexity
express-fileupload-project CWE-434
7.5
7.5
2022-04-12 CVE-2022-27262 Unrestricted Upload of File with Dangerous Type vulnerability in Sailsjs Skipper 0.9.1
An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file.
network
low complexity
sailsjs CWE-434
critical
 9.8
9.8
2022-04-12 CVE-2022-27263 Unrestricted Upload of File with Dangerous Type vulnerability in Strapi 4.1.5
An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file.
network
low complexity
strapi CWE-434
critical
 9.8
9.8
2022-04-12 CVE-2022-27952 Unrestricted Upload of File with Dangerous Type vulnerability in Payloadcms Payload 0.15.0
An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file.
network
low complexity
payloadcms CWE-434
critical
 9.8
9.8
2022-04-12 CVE-2022-28397 Unrestricted Upload of File with Dangerous Type vulnerability in Ghost 4.42.0
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file.
network
low complexity
ghost CWE-434
critical
 9.8
9.8
2022-04-11 CVE-2022-24837 Unrestricted Upload of File with Dangerous Type vulnerability in Hedgedoc 1.9.1/1.9.2
HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor.
network
low complexity
hedgedoc CWE-434
5.3
5.3
2022-04-11 CVE-2022-27115 Unrestricted Upload of File with Dangerous Type vulnerability in Std42 Elfinder 2.1.60
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.
network
low complexity
std42 CWE-434
critical
 9.8
9.8
2022-04-10 CVE-2022-27129 Unrestricted Upload of File with Dangerous Type vulnerability in Zbzcms 1.0
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
zbzcms CWE-434
critical
 9.8
9.8