Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-30 | CVE-2021-42099 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine M365 Manager Plus: Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. | 9.8 |
2021-11-30 | CVE-2021-42123 | Unrestricted Upload of File with Dangerous Type vulnerability in Businessdnasolutions Topease: Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side attacks. | 8.8 |
2021-11-28 | CVE-2021-44093 | Unrestricted Upload of File with Dangerous Type vulnerability in Zrlog 2.2.2: A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell. | 9.8 |
2021-11-28 | CVE-2021-44094 | Unrestricted Upload of File with Dangerous Type vulnerability in Zrlog 2.2.2: ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file. | 7.8 |
2021-11-19 | CVE-2021-22968 | Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS: A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. | 7.2 |
2021-11-14 | CVE-2021-43617 | Unrestricted Upload of File with Dangerous Type vulnerability in Laravel Framework: Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. | 9.8 |
2021-11-11 | CVE-2021-41833 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Patch Connect Plus 9.0.0: Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. | 9.8 |
2021-11-08 | CVE-2020-23572 | Unrestricted Upload of File with Dangerous Type vulnerability in Beescms 4.0: BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. | 8.8 |
2021-11-08 | CVE-2021-28023 | Unrestricted Upload of File with Dangerous Type vulnerability in Servicetonic: Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths. | 9.8 |
2021-11-08 | CVE-2021-31599 | Unrestricted Upload of File with Dangerous Type vulnerability in Hitachi products: An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. | 8.8 |