Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,101)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-51208 1Phpgurukul 1Boat Booking System Mar 13, 2025 Nov 20, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter.
CVE-2024-11404 - - Jun 2, 2026 Nov 20, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored X...Show more Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS. This issue affects django Filer: from 3 before 3.3.Show less
CVE-2024-51743 1Markusproject 1Markus Sep 4, 2025 Nov 18, 2024 7.1 HIGH· v4 8.8 HIGH· v3 N/A· v2 MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenti...Show more MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading.Show less
CVE-2024-51499 1Markusproject 1Markus Sep 4, 2025 Nov 18, 2024 7.1 HIGH· v4 8.8 HIGH· v3 N/A· v2 MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController all...Show more MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController allows authenticated users (e.g. students) to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading.Show less
CVE-2024-52429 1Antonhoelstad 1Wp Quick Setup Apr 23, 2026 Nov 18, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in AntonHoelstad WP Quick Setup wp-quick-setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through <= 2.0.
CVE-2024-11315 1Trcore 1Dvc Nov 20, 2024 Nov 18, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code...Show more The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.Show less
CVE-2024-11314 1Trcore 1Dvc Nov 20, 2024 Nov 18, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code...Show more The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.Show less
CVE-2024-11313 1Trcore 1Dvc Nov 20, 2024 Nov 18, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code...Show more The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.Show less
CVE-2024-11312 1Trcore 1Dvc Nov 20, 2024 Nov 18, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code...Show more The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.Show less
CVE-2024-11311 1Trcore 1Dvc Nov 20, 2024 Nov 18, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code...Show more The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.Show less
CVE-2024-52397 - - Apr 23, 2026 Nov 16, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post convert-docx2post allows Upload a Web Shell to a Web Server.This issue affects Convert Docx2post: from n/a through <= 1.4...Show more Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post convert-docx2post allows Upload a Web Shell to a Web Server.This issue affects Convert Docx2post: from n/a through <= 1.4.Show less
CVE-2024-52408 - - Apr 23, 2026 Nov 16, 2024 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist allows Upload a Web Shell to a Web Server.This issue affec...Show more Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through <= 3.0.8.Show less
CVE-2024-52407 - - Apr 23, 2026 Nov 16, 2024 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in BasePress BasePress Migration Tools basepress-migration-tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from...Show more Unrestricted Upload of File with Dangerous Type vulnerability in BasePress BasePress Migration Tools basepress-migration-tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from n/a through <= 1.0.0.Show less
CVE-2024-52406 - - Apr 23, 2026 Nov 16, 2024 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in wibergsweb CSV to html csv-to-html allows Upload a Web Shell to a Web Server.This issue affects CSV to html: from n/a through <= 3.26.
CVE-2024-52405 - - Apr 23, 2026 Nov 16, 2024 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in bikramjoshii B-Banner Slider b-banner-slider allows Upload a Web Shell to a Web Server.This issue affects B-Banner Slider: from n/a through <= 1.1.
CVE-2024-52404 - - Apr 23, 2026 Nov 16, 2024 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in bigfiveagency CF7 Reply Manager cf7-reply-manager.This issue affects CF7 Reply Manager: from n/a through <= 1.2.3.
CVE-2024-52403 - - Apr 23, 2026 Nov 16, 2024 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Saad Iqbal User Management user-management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through <= 1.1.
CVE-2024-52400 - - Apr 23, 2026 Nov 16, 2024 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio gallerio allows Upload a Web Shell to a Web Server.This issue affects Gallerio: from n/a through <= 1.01.
CVE-2024-52399 - - Apr 23, 2026 Nov 16, 2024 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper writer-helper allows Upload a Web Shell to a Web Server.This issue affects Writer Helper: from n/a through <= 3.1.6.
CVE-2024-52398 - - Apr 23, 2026 Nov 16, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI collect-and-deliver-interface-for-woocommerce.This issue affects CDI: from n/a through <= 5.5.3.

Previous 1...686970...206 Next