Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-20 | CVE-2020-26007 | Unrestricted Upload of File with Dangerous Type vulnerability in Shopxo 1.9.0: An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 7.8 |
2022-03-20 | CVE-2020-26008 | Unrestricted Upload of File with Dangerous Type vulnerability in Shopxo 1.9.0: The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file. | 7.8 |
2022-03-20 | CVE-2021-39384 | Unrestricted Upload of File with Dangerous Type vulnerability in Diaowen Dwsurvey 3.2.0: DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java. | 9.8 |
2022-03-18 | CVE-2022-25581 | Unrestricted Upload of File with Dangerous Type vulnerability in Classcms: Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. | 7.8 |
2022-03-18 | CVE-2022-25602 | Unrestricted Upload of File with Dangerous Type vulnerability in Expresstech Responsive Menu: Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). | 8.8 |
2022-03-18 | CVE-2021-45834 | Unrestricted Upload of File with Dangerous Type vulnerability in Opendocman 1.4.4: An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution. | 9.8 |
2022-03-18 | CVE-2021-45835 | Unrestricted Upload of File with Dangerous Type vulnerability in Online Admission System Project Online Admissions System 1.0: The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution. | 9.8 |
2022-03-18 | CVE-2022-26965 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.16: In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. | 7.2 |
2022-03-17 | CVE-2021-45040 | Unrestricted Upload of File with Dangerous Type vulnerability in Spatie Laravel Media Library 1.17.10/2.0.0/2.1.6: The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route. | 9.8 |
2022-03-16 | CVE-2022-0959 | Unrestricted Upload of File with Dangerous Type vulnerability in Postgresql Pgadmin 4: A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. | 6.5 |