Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-02-18 | CVE-2021-46036 | Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.4 | An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code. | 9.8 |
2022-02-16 | CVE-2022-24984 | Unrestricted Upload of File with Dangerous Type vulnerability in Jqueryform | Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. | 9.8 |
2022-02-14 | CVE-2022-23390 | Unrestricted Upload of File with Dangerous Type vulnerability in Diyhi BBS Forum | An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files. | 9.8 |
2022-02-11 | CVE-2020-13675 | Unrestricted Upload of File with Dangerous Type vulnerability in Drupal | Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. | 9.8 |
2022-02-09 | CVE-2022-23048 | Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS 2.6.0 | Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. | 7.2 |
2022-02-09 | CVE-2021-37194 | Unrestricted Upload of File with Dangerous Type vulnerability in Siemens Comos | A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). | 7.5 |
2022-02-09 | CVE-2021-46360 | Unrestricted Upload of File with Dangerous Type vulnerability in Ocproducts Composr | Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr. | 8.8 |
2022-02-09 | CVE-2022-24676 | Unrestricted Upload of File with Dangerous Type vulnerability in Hyphp Hybbs2 | update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive. | 8.8 |
2022-02-07 | CVE-2021-24947 | Unrestricted Upload of File with Dangerous Type vulnerability in Thinkupthemes Responsive Vector Maps | The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server. | 6.5 |
2022-02-04 | CVE-2022-0472 | Unrestricted Upload of File with Dangerous Type vulnerability in Laracom Project Laracom | Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9. | 5.4 |