Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2022-04-04 CVE-2020-28062 Unrestricted Upload of File with Dangerous Type vulnerability in Hisiphp 2.0.11
An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in $files = Dir::getList($decompath.
network
low complexity
hisiphp CWE-434
6.5
2022-04-04 CVE-2022-0403 Unrestricted Upload of File with Dangerous Type vulnerability in Wpjos Library File Manager
The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is known to be affected by security issues (CVE-2021-32682), and does not have any authorisation or CSRF checks in its connector AJAX action, allowing any authenticated user, such as a subscriber, to call it.
network
low complexity
wpjos CWE-434
5.5
2022-04-04 CVE-2022-0537 Unrestricted Upload of File with Dangerous Type vulnerability in Mappresspro Mappress
The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function.
network
low complexity
mappresspro CWE-434
7.2
2022-04-04 CVE-2022-27435 Unrestricted Upload of File with Dangerous Type vulnerability in Ecommerce-Website Project Ecommerce-Website 1.1.0
An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component.
network
low complexity
ecommerce-website-project CWE-434
6.5
2022-04-04 CVE-2022-28062 Unrestricted Upload of File with Dangerous Type vulnerability in Online CAR Rental System Project Online CAR Rental System 1.0
Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code.
network
low complexity
online-car-rental-system-project CWE-434
6.5
2022-04-03 CVE-2022-27249 Unrestricted Upload of File with Dangerous Type vulnerability in Idearespa Reftree
An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource.
network
low complexity
idearespa CWE-434
critical
9.0
2022-04-01 CVE-2021-32961 Unrestricted Upload of File with Dangerous Type vulnerability in Auvesy-Mdt Autosave and Autosave for System Platform
A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner.
network
low complexity
auvesy-mdt CWE-434
5.0
2022-04-01 CVE-2022-23155 Unrestricted Upload of File with Dangerous Type vulnerability in Dell Wyse Management Suite
Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability.
network
low complexity
dell CWE-434
critical
9.0
2022-03-31 CVE-2021-34257 Unrestricted Upload of File with Dangerous Type vulnerability in Wpanel CMS Project Wpanel CMS
Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image.
network
low complexity
wpanel-cms-project CWE-434
6.5
2022-03-31 CVE-2022-24136 Unrestricted Upload of File with Dangerous Type vulnerability in Hospital Management System Project Hospital Management System 1.0
Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulnerability in treatmentrecord.php.
7.5