Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-26852 1Textpattern 1Textpattern Feb 10, 2025 Apr 12, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
CVE-2020-19802 1Doyocms Project 1Doyocms Feb 11, 2025 Apr 11, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the upload file type parameter.
CVE-2023-27179 1Gdidees 1Gdidees Cms Feb 11, 2025 Apr 11, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.
CVE-2023-27178 1Gdidees 1Gdidees Cms Feb 11, 2025 Apr 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file.
CVE-2023-1970 1Tpadmin Project 1Tpadmin Nov 21, 2024 Apr 10, 2023 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php....Show more UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225407. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.Show less
CVE-2023-29375 1Progress 1Sitefinity Feb 12, 2025 Apr 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the...Show more An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector.Show less
CVE-2023-1406 1Crocoblock 1Jetengine For Elementor Feb 11, 2025 Apr 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability.
CVE-2023-27602 1Apache 1Linkis Feb 13, 2025 Apr 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions...Show more In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions <=1.3.1, we suggest turning on the file path check switch in linkis.properties `wds.linkis.workspace.filesystem.owner.check=true` `wds.linkis.workspace.filesystem.path.check=true`Show less
CVE-2023-27033 1Cdesigner Project 1Cdesigner Feb 12, 2025 Apr 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent().
CVE-2023-1942 1Oretnom23 1Online Computer And Laptop Store Nov 21, 2024 Apr 7, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component...Show more A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225319.Show less
CVE-2023-24720 1Readium 1Readium Js Feb 11, 2025 Apr 5, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file.
CVE-2023-0670 1Ulearn Project 1Ulearn Feb 13, 2025 Apr 5, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the appl...Show more Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image.Show less
CVE-2023-20134 1Cisco 1Webex Meetings Nov 21, 2024 Apr 5, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more...Show more Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory.Show less
CVE-2023-20073 1Cisco 4Rv340 Firmware Rv340w FirmwareRv345 Firmware+1 more Nov 21, 2024 Apr 5, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device...Show more A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.Show less
CVE-2023-26857 1Dynamic Transaction Queuing System Project 1Dynamic Transaction Queuing System Feb 13, 2025 Apr 5, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2023-0265 1Uvdesk 1Community Skeleton Feb 13, 2025 Apr 4, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.
CVE-2023-26775 1Monitorr 1Monitorr Nov 21, 2024 Apr 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint.
CVE-2021-3267 1Kitesky 1Kitecms Feb 18, 2025 Apr 4, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function.
CVE-2021-31707 1Kitesky 1Kitecms Feb 18, 2025 Apr 4, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type.
CVE-2023-1826 1Oretnom23 1Online Computer And Laptop Store Nov 21, 2024 Apr 4, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\system_info\index.php. The manipulation of the...Show more A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\system_info\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability.Show less

Previous 1...123124125...206 Next