Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-01 | CVE-2022-24253 | Unrestricted Upload of File with Dangerous Type vulnerability in Extensis Portfolio 4.0 Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. | 6.5 |
| 2022-03-01 | CVE-2022-24254 | Unrestricted Upload of File with Dangerous Type vulnerability in Extensis Portfolio 4.0 An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. | 6.5 |
| 2022-02-28 | CVE-2022-23906 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.15 CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. | 6.5 |
| 2022-02-28 | CVE-2022-25411 | Unrestricted Upload of File with Dangerous Type vulnerability in Max-3000 Maxsite CMS 108 A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file. | 7.5 |
| 2022-02-26 | CVE-2022-26149 | Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator. | 7.2 |
| 2022-02-24 | CVE-2021-44664 | Unrestricted Upload of File with Dangerous Type vulnerability in Xerte An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file though the project interface disguised as a language file to bypasses the upload filters. | 6.5 |
| 2022-02-24 | CVE-2021-44967 | Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey 5.2.4 A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. | 9.0 |
| 2022-02-24 | CVE-2022-23043 | Unrestricted Upload of File with Dangerous Type vulnerability in Tribalsystems Zenario 9.2 Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. | 6.5 |
| 2022-02-24 | CVE-2022-25360 | Unrestricted Upload of File with Dangerous Type vulnerability in Watchguard Fireware 12.1.3/12.5.9/12.7.2 WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. | 6.5 |
| 2022-02-21 | CVE-2022-24553 | Unrestricted Upload of File with Dangerous Type vulnerability in Zfaka Project Zfaka An issue was found in Zfaka <= 1.4.5. | 7.5 |