Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-28 | CVE-2021-43098 | Unrestricted Upload of File with Dangerous Type vulnerability in Diyhi BBS 5.3: A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function. | 7.2 |
2022-03-28 | CVE-2021-43100 | Unrestricted Upload of File with Dangerous Type vulnerability in Diyhi BBS 5.3: A File Upload vulnerability exists in bbs 5.3 via TopicManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | 7.2 |
2022-03-28 | CVE-2021-43101 | Unrestricted Upload of File with Dangerous Type vulnerability in Diyhi BBS 5.3: A File Upload vulnerability exists in bbs 5.3 via MembershipCardManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | 7.2 |
2022-03-28 | CVE-2021-43102 | Unrestricted Upload of File with Dangerous Type vulnerability in Diyhi BBS 5.3: A File Upload vulnerability exists in bbs 5.3 via HelpManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | 7.2 |
2022-03-28 | CVE-2021-43103 | Unrestricted Upload of File with Dangerous Type vulnerability in Diyhi BBS 5.3: A File Upload vulnerability exists in bbs 5.3 via ForumManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | 7.2 |
2022-03-25 | CVE-2021-40905 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products: The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. | 8.8 |
2022-03-23 | CVE-2022-23880 | Unrestricted Upload of File with Dangerous Type vulnerability in Taogogo Taocms 3.0.2: An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 |
2022-03-23 | CVE-2021-27428 | Unrestricted Upload of File with Dangerous Type vulnerability in GE products: GE UR IED firmware versions prior to version 8.1x support upgrading firmware using UR Setup configuration tool – Enervista UR Setup. | 9.8 |
2022-03-23 | CVE-2022-0888 | Unrestricted Upload of File with Dangerous Type vulnerability in Ninjaforms Ninja Forms File Uploads: The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file, which can be bypassed, making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0. | 9.8 |
2022-03-23 | CVE-2022-22952 | Unrestricted Upload of File with Dangerous Type vulnerability in VMWare Carbon Black APP Control: VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. | 9.1 |