Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-24 | CVE-2021-44967 | Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey 5.2.4 A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. | 8.8 |
| 2022-02-24 | CVE-2022-23043 | Unrestricted Upload of File with Dangerous Type vulnerability in Tribalsystems Zenario 9.2 Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. | 7.2 |
| 2022-02-24 | CVE-2022-25360 | Unrestricted Upload of File with Dangerous Type vulnerability in Watchguard Fireware WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. | 8.8 |
| 2022-02-21 | CVE-2022-24553 | Unrestricted Upload of File with Dangerous Type vulnerability in Zfaka Project Zfaka An issue was found in Zfaka <= 1.4.5. | 9.8 |
| 2022-02-19 | CVE-2022-23375 | Unrestricted Upload of File with Dangerous Type vulnerability in Wikidocs 0.1.18 WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. | 8.8 |
| 2022-02-18 | CVE-2021-46036 | Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.4 An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code. | 9.8 |
| 2022-02-16 | CVE-2022-24984 | Unrestricted Upload of File with Dangerous Type vulnerability in Jqueryform Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. | 9.8 |
| 2022-02-14 | CVE-2022-23390 | Unrestricted Upload of File with Dangerous Type vulnerability in Diyhi BBS Forum An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files. | 9.8 |
| 2022-02-11 | CVE-2020-13675 | Unrestricted Upload of File with Dangerous Type vulnerability in Drupal Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. | 9.8 |
| 2022-02-09 | CVE-2022-23048 | Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS 2.6.0 Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. | 7.2 |