Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2022-03-23 CVE-2022-23880 Unrestricted Upload of File with Dangerous Type vulnerability in Taogogo Taocms 3.0.2
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
taogogo CWE-434
7.5
2022-03-23 CVE-2021-27428 Unrestricted Upload of File with Dangerous Type vulnerability in GE products
GE UR IED firmware versions prior to version 8.1x support upgrading firmware using UR Setup configuration tool – Enervista UR Setup.
network
low complexity
ge CWE-434
7.5
2022-03-23 CVE-2022-0888 Unrestricted Upload of File with Dangerous Type vulnerability in Ninjaforms Ninja Forms File Uploads
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation in the ~/includes/ajax/controllers/uploads.php file. The validation can be bypassed, making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0.
network
low complexity
ninjaforms CWE-434
critical
9.8
2022-03-23 CVE-2022-22952 Unrestricted Upload of File with Dangerous Type vulnerability in VMWare Carbon Black APP Control
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability.
network
low complexity
vmware CWE-434
critical
9.0
2022-03-23 CVE-2022-1033 Unrestricted Upload of File with Dangerous Type vulnerability in Craterapp Crater
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.
network
low complexity
craterapp CWE-434
6.5
2022-03-22 CVE-2022-1034 Unrestricted Upload of File with Dangerous Type vulnerability in Showdoc
There is an Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4.
network
low complexity
showdoc CWE-434
6.5
2022-03-21 CVE-2022-23346 Unrestricted Upload of File with Dangerous Type vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.
network
low complexity
bigantsoft CWE-434
6.5
2022-03-21 CVE-2022-0687 Unrestricted Upload of File with Dangerous Type vulnerability in Tms-Outsource Amelia 1.0.46
The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site.
network
low complexity
tms-outsource CWE-434
6.5
2022-03-21 CVE-2022-0415 Unrestricted Upload of File with Dangerous Type vulnerability in Gogs
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.
network
low complexity
gogs CWE-434
6.5
2022-03-20 CVE-2020-26007 Unrestricted Upload of File with Dangerous Type vulnerability in Shopxo 1.9.0
An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
network
shopxo CWE-434
6.8