CWE-434

4,107 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

Columns: Vendor | Product(s) | Updated | Published | CVSS (v4 / v3 / v2), followed by the CVE description.

Avantfax | Avantfax | Updated Mar 4, 2025 | Published Mar 10, 2023 | CVSS v4 N/A / v3 8.8 HIGH / v2 N/A
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.

115cms | 115cms | Updated Nov 21, 2024 | Published Mar 10, 2023 | CVSS v4 N/A / v3 7.2 HIGH / v2 5.8 MEDIUM
A vulnerability was found in Guizhou 115cms 4.2. It has been classified as problematic. Affected is an unknown function of the file /admin/content/index. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222738 is the identifier assigned to this vulnerability.

Halo | Halo | Updated Nov 21, 2024 | Published Mar 10, 2023 | CVSS v4 N/A / v3 4.8 MEDIUM / v2 N/A
An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.

Agentejo | Cockpit | Updated Nov 21, 2024 | Published Mar 10, 2023 | CVSS v4 N/A / v3 8.8 HIGH / v2 N/A
Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1.

Ucms Project | Ucms | Updated Nov 21, 2024 | Published Mar 9, 2023 | CVSS v4 N/A / v3 9.8 CRITICAL / v2 6.5 MEDIUM
A vulnerability was found in UCMS 1.6 and classified as critical. This issue affects some unknown processing of the file sadmin/fileedit.php of the component System File Management Module. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-222683.

Wyomind | Help Desk | Updated Mar 5, 2025 | Published Mar 8, 2023 | CVSS v4 N/A / v3 9.8 CRITICAL / v2 N/A
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before, fixed in v.1.3.7, allows an attacker to execute arbitrary code via a phar file upload in the ticket message field.

Smartbear | Zephyr Enterprise | Updated Mar 5, 2025 | Published Mar 8, 2023 | CVSS v4 N/A / v3 7.5 HIGH / v2 N/A
SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.

Upthemes | Designfolio Plus | Updated Nov 21, 2024 | Published Mar 7, 2023 | CVSS v4 N/A / v3 8.8 HIGH / v2 6.5 MEDIUM
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Envato | Envato Elements; Template Kit Import | Updated Apr 8, 2026 | Published Mar 7, 2023 | CVSS v4 N/A / v3 8.8 HIGH / v2 N/A
The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-level permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit – Import and versions up to and including 2.0.10 of Envato Elements & Download.

Onekeyadmin | Onekeyadmin | Updated Nov 21, 2024 | Published Mar 6, 2023 | CVSS v4 N/A / v3 9.8 CRITICAL / v2 N/A
An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file.

Shopex | Ecshop | Updated Nov 21, 2024 | Published Mar 6, 2023 | CVSS v4 N/A / v3 8.8 HIGH / v2 5.8 MEDIUM
A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222357 was assigned to this vulnerability.

Shopex | Ecshop | Updated Nov 21, 2024 | Published Mar 6, 2023 | CVSS v4 N/A / v3 8.8 HIGH / v2 5.8 MEDIUM
A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. Affected by this issue is some unknown functionality of the file admin/database.php of the component Backup Database Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222356.

Yf Exam Project | Yf Exam | Updated Mar 6, 2025 | Published Mar 3, 2023 | CVSS v4 N/A / v3 7.5 HIGH / v2 N/A
CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in arbitrary file upload.

Cisco | Email Security Appliance; Secure Email And Web Manager | Updated Nov 21, 2024 | Published Mar 1, 2023 | CVSS v4 N/A / v3 7.2 HIGH / v2 N/A
A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and/or authenticated local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a [[privilege of operator - validate actual name]]. The vulnerability is due to the processing of a specially crafted SNMP configuration file. An attacker could exploit this vulnerability by authenticating to the targeted device and uploading a specially crafted SNMP configuration file that when uploaded could allow for the execution of commands as root. An exploit could allow the attacker to gain root access on the device.

Dataiku | Data Science Studio | Updated Mar 10, 2025 | Published Mar 1, 2023 | CVSS v4 N/A / v3 6.5 MEDIUM / v2 N/A
In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request.

Laravel Admin | Laravel Admin | Updated Nov 21, 2024 | Published Feb 27, 2023 | CVSS v4 N/A / v3 7.2 HIGH / v2 N/A
An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file.

Smeup | Erp | Updated Nov 21, 2024 | Published Feb 27, 2023 | CVSS v4 N/A / v3 8.8 HIGH / v2 N/A
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability.

Balero Cms Project | Balero Cms | Updated Nov 21, 2024 | Published Feb 24, 2023 | CVSS v4 N/A / v3 7.2 HIGH / v2 N/A
File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via the rich text editor on the /admin/main/mod-blog page.

Umbraco | Umbraco Forms | Updated Nov 21, 2024 | Published Feb 24, 2023 | CVSS v4 N/A / v3 9.8 CRITICAL / v2 N/A
File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file.

Judging Management System Project | Judging Management System | Updated Nov 21, 2024 | Published Feb 23, 2023 | CVSS v4 N/A / v3 8.1 HIGH / v2 N/A
Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php.