Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-14 | CVE-2022-24387 | Unrestricted Upload of File with Dangerous Type vulnerability in Smartertools Smartertrack With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. | 7.2 |
| 2022-03-11 | CVE-2022-0921 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. | 6.7 |
| 2022-03-11 | CVE-2022-0912 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. | 4.8 |
| 2022-03-10 | CVE-2021-44673 | Unrestricted Upload of File with Dangerous Type vulnerability in Croogo 3.0.2 A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script. | 8.8 |
| 2022-03-10 | CVE-2022-26521 | Unrestricted Upload of File with Dangerous Type vulnerability in Abantecart Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type). | 7.2 |
| 2022-03-10 | CVE-2022-24651 | Unrestricted Upload of File with Dangerous Type vulnerability in Sentcms 4.0.0 sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. | 9.8 |
| 2022-03-10 | CVE-2022-24652 | Unrestricted Upload of File with Dangerous Type vulnerability in Sentcms 4.0.0 sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload. | 9.8 |
| 2022-03-10 | CVE-2021-43970 | Unrestricted Upload of File with Dangerous Type vulnerability in Quicklert 10.0.0 An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. | 8.8 |
| 2022-03-07 | CVE-2021-24216 | Unrestricted Upload of File with Dangerous Type vulnerability in Servmask One-Stop WP Migration 7.39/7.40 The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations. | 7.2 |
| 2022-03-07 | CVE-2021-24960 | Unrestricted Upload of File with Dangerous Type vulnerability in Iptanus Wordpress File Upload and Wordpress File Upload PRO The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be then be used for Cross-Site Scripting attacks | 5.4 |