Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-18 | CVE-2021-45834 | Unrestricted Upload of File with Dangerous Type vulnerability in Opendocman 1.4.4. An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution. | 9.8 |
2022-03-18 | CVE-2021-45835 | Unrestricted Upload of File with Dangerous Type vulnerability in Online Admission System Project Online Admissions System 1.0. The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution. | 9.8 |
2022-03-18 | CVE-2022-26965 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.16. In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. | 7.2 |
2022-03-17 | CVE-2021-45040 | Unrestricted Upload of File with Dangerous Type vulnerability in Spatie Laravel Media Library 1.17.10/2.0.0/2.1.6. The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route. | 9.8 |
2022-03-16 | CVE-2022-0959 | Unrestricted Upload of File with Dangerous Type vulnerability in Postgresql Pgadmin 4. A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. | 6.5 |
2022-03-15 | CVE-2022-25487 | Unrestricted Upload of File with Dangerous Type vulnerability in Thedigitalcraft Atomcms 2.0. Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. | 9.8 |
2022-03-15 | CVE-2022-25495 | Unrestricted Upload of File with Dangerous Type vulnerability in Cuppacms 1.0. The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. | 9.8 |
2022-03-15 | CVE-2022-0950 | Unrestricted Upload of File with Dangerous Type vulnerability in Showdoc. Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4. | 5.4 |
2022-03-14 | CVE-2021-25003 | Unrestricted Upload of File with Dangerous Type vulnerability in Wptaskforce Wpcargo Track & Trace. The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE. | 9.8 |
2022-03-14 | CVE-2021-42171 | Unrestricted Upload of File with Dangerous Type vulnerability in Tribalsystems Zenario 9.0.54156. Zenario CMS 9.0.54156 is vulnerable to File Upload. | 7.2 |