Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-06 | CVE-2022-26605 | Unrestricted Upload of File with Dangerous Type vulnerability in Dascomsoft Eziosuite 2.0.7 eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality. | 8.8 |
| 2022-04-06 | CVE-2022-26607 | Unrestricted Upload of File with Dangerous Type vulnerability in Baigo CMS 3.0 A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file. | 7.2 |
| 2022-04-05 | CVE-2022-26630 | Unrestricted Upload of File with Dangerous Type vulnerability in Jellycms Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php. | 8.8 |
| 2022-04-05 | CVE-2021-28428 | Unrestricted Upload of File with Dangerous Type vulnerability in Horizontcms Project Horizontcms 1.0.0 File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. | 9.8 |
| 2022-04-05 | CVE-2022-26619 | Unrestricted Upload of File with Dangerous Type vulnerability in Halo 1.4.17 Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. | 7.5 |
| 2022-04-04 | CVE-2020-28062 | Unrestricted Upload of File with Dangerous Type vulnerability in Hisiphp 2.0.11 An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in $files = Dir::getList($decompath. | 7.2 |
| 2022-04-04 | CVE-2022-27435 | Unrestricted Upload of File with Dangerous Type vulnerability in Ecommerce-Website Project Ecommerce-Website 1.1.0 An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component. | 8.8 |
| 2022-04-04 | CVE-2022-28062 | Unrestricted Upload of File with Dangerous Type vulnerability in Online CAR Rental System Project Online CAR Rental System 1.0 Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code. | 8.8 |
| 2022-04-03 | CVE-2022-27249 | Unrestricted Upload of File with Dangerous Type vulnerability in Idearespa Reftree An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource. | 8.8 |
| 2022-04-01 | CVE-2021-32961 | Unrestricted Upload of File with Dangerous Type vulnerability in Auvesy-Mdt Autosave and Autosave for System Platform A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. | 7.5 |