Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-15 | CVE-2022-25495 | Unrestricted Upload of File with Dangerous Type vulnerability in Cuppacms 1.0 The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. | 7.5 |
2022-03-15 | CVE-2022-0950 | Unrestricted Upload of File with Dangerous Type vulnerability in Showdoc Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4. | 5.4 |
2022-03-14 | CVE-2021-25003 | Unrestricted Upload of File with Dangerous Type vulnerability in Wptaskforce Wpcargo Track & Trace The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE | 9.8 |
2022-03-14 | CVE-2021-42171 | Unrestricted Upload of File with Dangerous Type vulnerability in Tribalsystems Zenario 9.0.54156 Zenario CMS 9.0.54156 is vulnerable to File Upload. | 6.5 |
2022-03-14 | CVE-2022-24387 | Unrestricted Upload of File with Dangerous Type vulnerability in Smartertools Smartertrack With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. | 6.5 |
2022-03-11 | CVE-2022-0921 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. | 6.5 |
2022-03-11 | CVE-2022-0912 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. | 3.5 |
2022-03-10 | CVE-2021-44673 | Unrestricted Upload of File with Dangerous Type vulnerability in Croogo 3.0.2 A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script. | 6.5 |
2022-03-10 | CVE-2022-26521 | Unrestricted Upload of File with Dangerous Type vulnerability in Abantecart Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type). | 7.2 |
2022-03-10 | CVE-2022-24651 | Unrestricted Upload of File with Dangerous Type vulnerability in Sentcms 4.0.0 sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. | 7.5 |