Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-04 | CVE-2022-23329 | Unrestricted Upload of File with Dangerous Type vulnerability in Ujcms Jspxcms 10.2.0 A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. | 9.8 |
| 2022-02-04 | CVE-2022-24262 | Unrestricted Upload of File with Dangerous Type vulnerability in Voipmonitor The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root. | 8.8 |
| 2022-01-27 | CVE-2021-46428 | Unrestricted Upload of File with Dangerous Type vulnerability in Simple Chatbot Application Project Simple Chatbot Application 1.0 A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 ( and previous versions via the bot_avatar parameter in SystemSettings.php. | 9.8 |
| 2022-01-27 | CVE-2021-46097 | Unrestricted Upload of File with Dangerous Type vulnerability in Dolphinphp 1.5.0 Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php#action_log | 8.8 |
| 2022-01-26 | CVE-2021-46115 | Unrestricted Upload of File with Dangerous Type vulnerability in Jpress 4.2.0 jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. | 7.2 |
| 2022-01-26 | CVE-2021-46116 | Unrestricted Upload of File with Dangerous Type vulnerability in Jpress 4.2.0 jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. | 7.2 |
| 2022-01-26 | CVE-2021-46386 | Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload. | 9.8 |
| 2022-01-26 | CVE-2021-44123 | Unrestricted Upload of File with Dangerous Type vulnerability in Spip 4.0.0 SPIP 4.0.0 is affected by a remote command execution vulnerability. | 8.8 |
| 2022-01-25 | CVE-2022-23026 | Unrestricted Upload of File with Dangerous Type vulnerability in F5 products On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. | 4.3 |
| 2022-01-25 | CVE-2021-46033 | Unrestricted Upload of File with Dangerous Type vulnerability in Forestblog Project Forestblog In ForestBlog, as of 2021-12-28, File upload can bypass verification. | 9.8 |