Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-04 | CVE-2022-27435 | Unrestricted Upload of File with Dangerous Type vulnerability in Ecommerce-Website Project Ecommerce-Website 1.1.0: An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component. | 8.8 |
2022-04-04 | CVE-2022-28062 | Unrestricted Upload of File with Dangerous Type vulnerability in Online CAR Rental System Project Online CAR Rental System 1.0: Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code. | 8.8 |
2022-04-03 | CVE-2022-27249 | Unrestricted Upload of File with Dangerous Type vulnerability in Idearespa Reftree: An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource. | 8.8 |
2022-04-01 | CVE-2021-32961 | Unrestricted Upload of File with Dangerous Type vulnerability in Auvesy-Mdt Autosave and Autosave for System Platform: A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. | 7.5 |
2022-04-01 | CVE-2022-23155 | Unrestricted Upload of File with Dangerous Type vulnerability in Dell Wyse Management Suite: Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. | 7.2 |
2022-03-31 | CVE-2021-34257 | Unrestricted Upload of File with Dangerous Type vulnerability in Wpanel CMS Project Wpanel CMS: Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image. | 8.8 |
2022-03-31 | CVE-2022-24136 | Unrestricted Upload of File with Dangerous Type vulnerability in Hospital Management System Project Hospital Management System 1.0: Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulnerability in treatmentrecord.php. | 9.8 |
2022-03-30 | CVE-2022-26645 | Unrestricted Upload of File with Dangerous Type vulnerability in Banking System Project Banking System 1.0: A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. | 9.8 |
2022-03-30 | CVE-2022-28223 | Unrestricted Upload of File with Dangerous Type vulnerability in Tekon products: Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin. | 7.2 |
2022-03-29 | CVE-2021-45865 | Unrestricted Upload of File with Dangerous Type vulnerability in Student Attendance Management System Project Student Attendance Management System 1.0: A File Upload vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the file upload functionality. | 9.8 |