Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-39983 1Instantdeveloper 1Rd3 Jul 17, 2025 Feb 22, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 File upload vulnerability in Pro Gamma Instant Developer RD3 22.5 r23, r30, and possibly earlier versions, allows attackers to execute arbitrary code.
CVE-2022-41217 1Hybridsoftware 1Cloudflow Nov 21, 2024 Feb 22, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Cloudflow contains a unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage.
CVE-2022-2883 1Octopus 1Octopus Server Mar 11, 2025 Feb 22, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
CVE-2023-0943 1Best Pos Management System Project 1Best Pos Management System Nov 21, 2024 Feb 21, 2023 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects the function save_settings of the file index.php?page=site_settings of the compone...Show more A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects the function save_settings of the file index.php?page=site_settings of the component Image Handler. The manipulation of the argument img with the input ../../shell.php leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591.Show less
CVE-2023-0918 1Pharmacy Management System Project 1Pharmacy Management System Nov 21, 2024 Feb 19, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability has been found in codeprojects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file add.php of the component Avatar Image Handler. The manipulatio...Show more A vulnerability has been found in codeprojects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file add.php of the component Avatar Image Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221494 is the identifier assigned to this vulnerability.Show less
CVE-2021-35261 1Bearadmin Project 1Bearadmin Mar 18, 2025 Feb 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 allows attacker to execute arbitrary remote code via the Upfile function of the extend/tools/Ueditor endpoint.
CVE-2023-22937 1Splunk 2Splunk Splunk Cloud Platform Nov 21, 2024 Feb 14, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the foll...Show more In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl.Show less
CVE-2023-24530 1Sap 1Businessobjects Business Intelligence Platform Nov 21, 2024 Feb 14, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitati...Show more SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the application causing high impact on confidentiality, integrity and availability of the application. Show less
CVE-2023-23851 1Sap 1Business Planning And Consolidation Nov 21, 2024 Feb 14, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the up...Show more SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidentiality and integrity of the system. Show less
CVE-2023-24646 2Online Food Ordering System Project Oretnom23 2Online Food Ordering System Online Food Ordering System Mar 30, 2026 Feb 13, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2023-0255 1Shortpixel 1Enable Media Replace Mar 21, 2025 Feb 13, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.
CVE-2023-0783 1Shopex 1Ecshop Nov 21, 2024 Feb 11, 2023 N/A· v4 9.8 CRITICAL· v3 5.8 MEDIUM· v2 A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted...Show more A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220641 was assigned to this vulnerability.Show less
CVE-2022-45527 1Institutional Management Website Project 1Institutional Management Website Mar 25, 2025 Feb 8, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory.
CVE-2023-24202 1Oretnom23 1Raffle Draw System Mar 26, 2025 Feb 6, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php.
CVE-2023-23937 1Pimcore 1Pimcore Nov 21, 2024 Feb 3, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowi...Show more Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (p.e. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS content that will be executed in the context of the domain. This issue has been patched in version 10.5.16. Show less
CVE-2021-36426 1Phpwcms 1Phpwcms Mar 26, 2025 Feb 3, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php.
CVE-2022-48079 1Mengnai 1Aapanel Host System Mar 27, 2025 Feb 2, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Monnai aaPanel host system v1.5 contains an access control issue which allows attackers to escalate privileges and execute arbitrary code via uploading a crafted PHP file to the virtual host directory of the system.
CVE-2023-0651 1Fastcms Project 1Fastcms Nov 21, 2024 Feb 2, 2023 5.3 MEDIUM· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launc...Show more A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2022-46604 1Tecrail 1Responsive Filemanager Mar 27, 2025 Feb 2, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.
CVE-2023-23135 1Ftdms Project 1Ftdms Mar 27, 2025 Feb 1, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file.

Previous 1...127128129...206 Next