Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-19786 1Cszcms 1Csz Cms Feb 25, 2025 Mar 23, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritrary commands and code via crafted PHP file.
CVE-2023-23707 1Awsm 1Embed Any Document Nov 21, 2024 Mar 23, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files allows Stored XSS via upload of SVG and HTML files. This issue affects Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin <= 2.7.1 versions.Show less
CVE-2023-1561 1Fabian 1Simple Online Hotel Reservation System Oct 23, 2025 Mar 22, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Affected is an unknown function of the file add_room.php. The manipulation leads to unrestricted u...Show more A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Affected is an unknown function of the file add_room.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-223554 is the identifier assigned to this vulnerability.Show less
CVE-2023-1559 1Storage Unit Rental Management System Project 1Storage Unit Rental Management System Nov 21, 2024 Mar 22, 2023 N/A· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability classified as problematic was found in SourceCodester Storage Unit Rental Management System 1.0. This vulnerability affects unknown code of the file classes/Users.php?f=save. The manipulation leads to unr...Show more A vulnerability classified as problematic was found in SourceCodester Storage Unit Rental Management System 1.0. This vulnerability affects unknown code of the file classes/Users.php?f=save. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223552.Show less
CVE-2023-1558 1Simple And Beautiful Shopping Cart System Project 1Simple And Beautiful Shopping Cart System Nov 21, 2024 Mar 22, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability classified as critical has been found in Simple and Beautiful Shopping Cart System 1.0. This affects an unknown part of the file uploadera.php. The manipulation leads to unrestricted upload. It is possibl...Show more A vulnerability classified as critical has been found in Simple and Beautiful Shopping Cart System 1.0. This affects an unknown part of the file uploadera.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223551.Show less
CVE-2023-28725 1Generalbytes 1Crypto Application Server Feb 26, 2025 Mar 22, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standa...Show more General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.Show less
CVE-2023-1501 1Rockoa 1Rockoa Nov 21, 2024 Mar 19, 2023 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload....Show more A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223401 was assigned to this vulnerability.Show less
CVE-2023-1497 1Simple And Nice Shopping Cart Script Project 1Simple And Nice Shopping Cart Script Nov 21, 2024 Mar 19, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. It has been rated as critical. This issue affects some unknown processing of the file uploaderm.php. The manipulation of the argument...Show more A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. It has been rated as critical. This issue affects some unknown processing of the file uploaderm.php. The manipulation of the argument submit leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223397 was assigned to this vulnerability.Show less
CVE-2023-1484 1Xzjie Cms Project 1Xzjie Cms Nov 21, 2024 Mar 18, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. This issue affects some unknown processing of the file /api/upload. The manipulation of the argument uploadFile leads to unrestricted upload....Show more A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. This issue affects some unknown processing of the file /api/upload. The manipulation of the argument uploadFile leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-223367.Show less
CVE-2023-1479 1Simple Music Player Project 1Simple Music Player Nov 21, 2024 Mar 18, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability classified as critical has been found in SourceCodester Simple Music Player 1.0. Affected is an unknown function of the file save_music.php. The manipulation of the argument filename leads to unrestricted...Show more A vulnerability classified as critical has been found in SourceCodester Simple Music Player 1.0. Affected is an unknown function of the file save_music.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223362 is the identifier assigned to this vulnerability.Show less
CVE-2023-1442 1Qykcms 1Qykcms Nov 21, 2024 Mar 17, 2023 N/A· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /admin_system/api.php of the component Update Handler. The manipulation of the...Show more A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /admin_system/api.php of the component Update Handler. The manipulation of the argument downurl leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223287.Show less
CVE-2023-1433 1Gadget Works Online Ordering System Project 1Gadget Works Online Ordering System Nov 21, 2024 Mar 16, 2023 N/A· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/products/controller.php?action=add of the compone...Show more A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/products/controller.php?action=add of the component Products Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223215.Show less
CVE-2023-28337 1Netgear 1Rax30 Firmware Nov 21, 2024 Mar 15, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use thi...Show more When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device.Show less
CVE-2023-1415 1Code Projects 1Simple Art Gallery Nov 21, 2024 Mar 15, 2023 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Simple Art Gallery 1.0. It has been declared as critical. This vulnerability affects the function sliderPicSubmit of the file adminHome.php. The manipulation leads to unrestricted upload. The...Show more A vulnerability was found in Simple Art Gallery 1.0. It has been declared as critical. This vulnerability affects the function sliderPicSubmit of the file adminHome.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-223126 is the identifier assigned to this vulnerability.Show less
CVE-2023-27235 1Jizhicms 1Jizhicms Nov 21, 2024 Mar 15, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.
CVE-2023-27757 1Perfree 1Perfreeblog Nov 21, 2024 Mar 15, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file.
CVE-2023-26262 1Sitecore 2Experience Manager Experience Platform Feb 27, 2025 Mar 14, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.
CVE-2023-1392 1Online Pizza Ordering System Project 1Online Pizza Ordering System Nov 21, 2024 Mar 14, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is the function save_menu. The manipulation leads to unrestricted upload. The a...Show more A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is the function save_menu. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222979.Show less
CVE-2023-1391 1Online Tours & Travels Management System Project 1Online Tours & Travels Management System Nov 21, 2024 Mar 14, 2023 N/A· v4 9.8 CRITICAL· v3 5.8 MEDIUM· v2 A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/ab.php. The manipulation of the argument i...Show more A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/ab.php. The manipulation of the argument img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222978 is the identifier assigned to this vulnerability.Show less
CVE-2023-0477 1Cm Wp 1Auto Featured Image Nov 21, 2024 Mar 13, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP files. This is caused by...Show more The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP files. This is caused by incorrect file extension validation.Show less

Previous 1...125126127...206 Next