Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-09 | CVE-2021-37194 | Unrestricted Upload of File with Dangerous Type vulnerability in Siemens Comos: A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). | 7.5 |
2022-02-09 | CVE-2021-46360 | Unrestricted Upload of File with Dangerous Type vulnerability in Ocproducts Composr: Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr. | 8.8 |
2022-02-09 | CVE-2022-24676 | Unrestricted Upload of File with Dangerous Type vulnerability in Hyphp Hybbs2: update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive. | 8.8 |
2022-02-07 | CVE-2021-24947 | Unrestricted Upload of File with Dangerous Type vulnerability in Thinkupthemes Responsive Vector Maps: The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server. | 6.5 |
2022-02-04 | CVE-2022-0472 | Unrestricted Upload of File with Dangerous Type vulnerability in Laracom Project Laracom: Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9. | 5.4 |
2022-02-04 | CVE-2022-23329 | Unrestricted Upload of File with Dangerous Type vulnerability in Ujcms Jspxcms 10.2.0: A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. | 9.8 |
2022-02-04 | CVE-2022-24262 | Unrestricted Upload of File with Dangerous Type vulnerability in Voipmonitor: The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root. | 8.8 |
2022-01-27 | CVE-2021-46428 | Unrestricted Upload of File with Dangerous Type vulnerability in Simple Chatbot Application Project Simple Chatbot Application 1.0: A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 (and previous versions) via the bot_avatar parameter in SystemSettings.php. | 9.8 |
2022-01-27 | CVE-2021-46097 | Unrestricted Upload of File with Dangerous Type vulnerability in Dolphinphp 1.5.0: Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php#action_log. | 8.8 |
2022-01-26 | CVE-2021-46115 | Unrestricted Upload of File with Dangerous Type vulnerability in Jpress 4.2.0: jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. | 7.2 |