Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2022-03-29 CVE-2021-45865 Unrestricted Upload of File with Dangerous Type vulnerability in Student Attendance Management System Project Student Attendance Management System 1.0
A File Upload vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the file upload functionality.
7.5
2022-03-28 CVE-2021-43098 Unrestricted Upload of File with Dangerous Type vulnerability in Diyhi BBS 5.3
A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function.
network
low complexity
diyhi CWE-434
6.5
2022-03-28 CVE-2021-43100 Unrestricted Upload of File with Dangerous Type vulnerability in Diyhi BBS 5.3
A File Upload vulnerability exists in bbs 5.3 via TopicManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code.
network
low complexity
diyhi CWE-434
6.5
2022-03-28 CVE-2021-43101 Unrestricted Upload of File with Dangerous Type vulnerability in Diyhi BBS 5.3
A File Upload vulnerability exists in bbs 5.3 via MembershipCardManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code.
network
low complexity
diyhi CWE-434
6.5
2022-03-28 CVE-2021-43102 Unrestricted Upload of File with Dangerous Type vulnerability in Diyhi BBS 5.3
A File Upload vulnerability exists in bbs 5.3 via HelpManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code.
network
low complexity
diyhi CWE-434
6.5
2022-03-28 CVE-2021-43103 Unrestricted Upload of File with Dangerous Type vulnerability in Diyhi BBS 5.3
A File Upload vulnerability exists in bbs 5.3 via ForumManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code.
network
low complexity
diyhi CWE-434
6.5
2022-03-28 CVE-2022-0499 Unrestricted Upload of File with Dangerous Type vulnerability in Sermon Browser Project Sermon Browser
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged-in admin upload arbitrary files such as PHP ones.
6.8
2022-03-25 CVE-2021-40905 Unrestricted Upload of File with Dangerous Type vulnerability in Tribe29 Checkmk
The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible.
network
low complexity
tribe29 CWE-434
8.8
2022-03-23 CVE-2022-23880 Unrestricted Upload of File with Dangerous Type vulnerability in Taogogo Taocms 3.0.2
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
taogogo CWE-434
7.5
2022-03-23 CVE-2021-27428 Unrestricted Upload of File with Dangerous Type vulnerability in GE products
GE UR IED firmware versions prior to version 8.1x support upgrading firmware using the UR Setup configuration tool – Enervista UR Setup.
network
low complexity
ge CWE-434
7.5