Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-26 | CVE-2021-46116 | Unrestricted Upload of File with Dangerous Type vulnerability in Jpress 4.2.0 jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. | 7.2 |
| 2022-01-26 | CVE-2021-46386 | Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload. | 9.8 |
| 2022-01-26 | CVE-2021-44123 | Unrestricted Upload of File with Dangerous Type vulnerability in Spip 4.0.0 SPIP 4.0.0 is affected by a remote command execution vulnerability. | 8.8 |
| 2022-01-25 | CVE-2022-23026 | Unrestricted Upload of File with Dangerous Type vulnerability in F5 products On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. | 4.3 |
| 2022-01-25 | CVE-2021-46033 | Unrestricted Upload of File with Dangerous Type vulnerability in Forestblog Project Forestblog In ForestBlog, as of 2021-12-28, File upload can bypass verification. | 9.8 |
| 2022-01-25 | CVE-2021-46113 | Unrestricted Upload of File with Dangerous Type vulnerability in Kea-Hotel-Erp Project Kea-Hotel-Erp In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service. | 8.8 |
| 2022-01-21 | CVE-2022-22929 | Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.4 MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file. | 9.8 |
| 2022-01-21 | CVE-2022-23315 | Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.4 MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do. | 9.8 |
| 2022-01-19 | CVE-2021-45808 | Unrestricted Upload of File with Dangerous Type vulnerability in Jpress 4.2.0 jpress v4.2.0 allows users to register an account by default. | 8.8 |
| 2022-01-18 | CVE-2021-46013 | Unrestricted Upload of File with Dangerous Type vulnerability in Free School Management Software Project Free School Management Software 1.0 An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. | 9.8 |