Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-10 | CVE-2021-44673 | Unrestricted Upload of File with Dangerous Type vulnerability in Croogo 3.0.2 A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script. | 6.5 |
2022-03-10 | CVE-2022-26521 | Unrestricted Upload of File with Dangerous Type vulnerability in Abantecart Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type). | 7.2 |
2022-03-10 | CVE-2022-24651 | Unrestricted Upload of File with Dangerous Type vulnerability in Sentcms 4.0.0 sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. | 7.5 |
2022-03-10 | CVE-2022-24652 | Unrestricted Upload of File with Dangerous Type vulnerability in Sentcms 4.0.0 sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload. | 7.5 |
2022-03-10 | CVE-2021-43970 | Unrestricted Upload of File with Dangerous Type vulnerability in Quicklert 10.0.0 An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. | 9.0 |
2022-03-07 | CVE-2021-24216 | Unrestricted Upload of File with Dangerous Type vulnerability in Servmask One-Stop WP Migration 7.39/7.40 The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations. | 6.5 |
2022-03-07 | CVE-2021-24960 | Unrestricted Upload of File with Dangerous Type vulnerability in Iptanus Wordpress File Upload The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be then be used for Cross-Site Scripting attacks | 3.5 |
2022-03-07 | CVE-2022-0440 | Unrestricted Upload of File with Dangerous Type vulnerability in Catchplugins Catch Themes Demo Import The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true) | 6.5 |
2022-03-02 | CVE-2022-25115 | Unrestricted Upload of File with Dangerous Type vulnerability in Home Owners Collection Management System Project Home Owners Collection Management System 1.0 A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file. | 6.8 |
2022-03-02 | CVE-2022-25016 | Unrestricted Upload of File with Dangerous Type vulnerability in Home Owners Collection Management System Project Home Owners Collection Management System 1.0 Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. | 7.5 |