Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-02 | CVE-2022-25115 | Unrestricted Upload of File with Dangerous Type vulnerability in Home Owners Collection Management System Project Home Owners Collection Management System 1.0 A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file. | 7.8 |
| 2022-03-02 | CVE-2022-25016 | Unrestricted Upload of File with Dangerous Type vulnerability in Home Owners Collection Management System Project Home Owners Collection Management System 1.0 Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. | 9.8 |
| 2022-03-01 | CVE-2022-24251 | Unrestricted Upload of File with Dangerous Type vulnerability in Extensis Portfolio 4.0 Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. | 8.8 |
| 2022-03-01 | CVE-2022-24252 | Unrestricted Upload of File with Dangerous Type vulnerability in Extensis Portfolio 4.0 An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. | 8.8 |
| 2022-03-01 | CVE-2022-24253 | Unrestricted Upload of File with Dangerous Type vulnerability in Extensis Portfolio 4.0 Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. | 8.8 |
| 2022-03-01 | CVE-2022-24254 | Unrestricted Upload of File with Dangerous Type vulnerability in Extensis Portfolio 4.0 An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. | 8.8 |
| 2022-02-28 | CVE-2022-23906 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.15 CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. | 7.2 |
| 2022-02-28 | CVE-2022-25411 | Unrestricted Upload of File with Dangerous Type vulnerability in Max-3000 Maxsite CMS 108 A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 |
| 2022-02-26 | CVE-2022-26149 | Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator. | 7.2 |
| 2022-02-24 | CVE-2021-44664 | Unrestricted Upload of File with Dangerous Type vulnerability in Xerte An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file though the project interface disguised as a language file to bypasses the upload filters. | 8.8 |