Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-1728 1Fernus 1Learning Management Systems Nov 21, 2024 Apr 4, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection.This issue affects LMS: before 23.04.03.
CVE-2023-1800 1Go Fastdfs Project 1Go Fastdfs Nov 21, 2024 Apr 2, 2023 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The mani...Show more A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224768.Show less
CVE-2023-1797 1Otcms 1Otcms Nov 21, 2024 Apr 2, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability classified as critical was found in OTCMS 6.0.1. Affected by this vulnerability is an unknown functionality of the file sysCheckFile.php?mudi=sql. The manipulation leads to unrestricted upload. The attack...Show more A vulnerability classified as critical was found in OTCMS 6.0.1. Affected by this vulnerability is an unknown functionality of the file sysCheckFile.php?mudi=sql. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224749 was assigned to this vulnerability.Show less
CVE-2022-47191 1Generex 1Cs141 Firmware Nov 21, 2024 Mar 31, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges.
CVE-2022-47190 1Generex 1Cs141 Firmware Nov 21, 2024 Mar 31, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.
CVE-2023-26830 1Gladinet 1Centrestack Feb 18, 2025 Mar 31, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to...Show more An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server.Show less
CVE-2023-1744 1Ibos 1Ibos Nov 21, 2024 Mar 30, 2023 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability classified as critical was found in IBOS 4.5.5. This vulnerability affects unknown code of the component htaccess Handler. The manipulation leads to unrestricted upload. The attack can be initiated remote...Show more A vulnerability classified as critical was found in IBOS 4.5.5. This vulnerability affects unknown code of the component htaccess Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224632.Show less
CVE-2023-1739 1Simple And Beautiful Shopping Cart System Project 1Simple And Beautiful Shopping Cart System Nov 21, 2024 Mar 30, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0 and classified as critical. This issue affects some unknown processing of the file upload.php. The manipulation leads to unrestric...Show more A vulnerability was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0 and classified as critical. This issue affects some unknown processing of the file upload.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224627.Show less
CVE-2023-28833 1Nextcloud 1Nextcloud Server Nov 21, 2024 Mar 30, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Nextcloud server is an open source home cloud implementation. In affected versions admins of a server were able to upload a logo or a favicon and to provided a file name which was not restricted and could overwrite files...Show more Nextcloud server is an open source home cloud implementation. In affected versions admins of a server were able to upload a logo or a favicon and to provided a file name which was not restricted and could overwrite files in the appdata directory. Administrators may have access to overwrite these files by other means but this method could be exploited by tricking an admin into uploading a maliciously named file. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should avoid ingesting logo files from untrusted sources.Show less
CVE-2023-1734 1Young Entrepreneur E Negosyo System Project 1Young Entrepreneur E Negosyo System Nov 21, 2024 Mar 30, 2023 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability classified as critical has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected is an unknown function of the file admin/products/controller.php?action=add. The manipulation of t...Show more A vulnerability classified as critical has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected is an unknown function of the file admin/products/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-224622 is the identifier assigned to this vulnerability.Show less
CVE-2023-28731 1Acymailing 1Acymailing Nov 21, 2024 Mar 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected....Show more AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0. Show less
CVE-2023-26968 1Atrocore 1Atrocore Feb 18, 2025 Mar 29, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyphicon-paperclip function is vulnerable to Unauthenticated File upload.
CVE-2023-1684 1Hadsky 1Hadsky Nov 21, 2024 Mar 29, 2023 N/A· v4 9.8 CRITICAL· v3 5.8 MEDIUM· v2 A vulnerability was found in HadSky 7.7.16. It has been classified as problematic. This affects an unknown part of the file upload/index.php?c=app&a=superadmin:index. The manipulation leads to unrestricted upload. It is...Show more A vulnerability was found in HadSky 7.7.16. It has been classified as problematic. This affects an unknown part of the file upload/index.php?c=app&a=superadmin:index. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224241 was assigned to this vulnerability.Show less
CVE-2023-27246 1Mk Auth 1Mk Auth Feb 18, 2025 Mar 28, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file.
CVE-2022-3682 1Hitachienergy 1Sdm600 Nov 21, 2024 Mar 28, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability exists in the SDM600 file permission validation. An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could resu...Show more A vulnerability exists in the SDM600 file permission validation. An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.1:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:::::::* Show less
CVE-2023-28652 1Sauter Controls 1Ey As525f001 Firmware Jan 17, 2025 Mar 27, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An authenticated malicious user could successfully upload a malicious image could lead to a denial-of-service condition.
CVE-2023-25828 1Pluck Cms 1Pluck Feb 19, 2025 Mar 27, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Alb...Show more Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C (8.2 High) Show less
CVE-2023-25909 1Hgiga 1Oaklouds Portal Nov 21, 2024 Mar 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbit...Show more HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service.Show less
CVE-2023-25655 1Basercms 1Basercms Nov 21, 2024 Mar 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch.
CVE-2023-25654 1Basercms 1Basercms Nov 21, 2024 Mar 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch.

Previous 1...124125126...206 Next