CWE-434

4,107 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

Each record lists the vendor(s) and product(s), the date the entry was last updated, the date it was published, its CVSS scores (v4, v3, v2), and the published description. The CVE identifiers themselves are not present in this extract.

Vendors: Aerocms Project | Products: Aerocms | Updated: Apr 17, 2025 | Published: Dec 16, 2022
CVSS: v4 N/A · v3 7.2 HIGH · v2 N/A
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post, through which we can upload webshell and control the web server.

Vendors: Exactsoftware | Products: Exact Synergy | Updated: Apr 21, 2025 | Published: Dec 15, 2022
CVSS: v4 N/A · v3 7.8 HIGH · v2 N/A
An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file.

Vendors: Ibarn Project | Products: Ibarn | Updated: Apr 21, 2025 | Published: Dec 15, 2022
CVSS: v4 N/A · v3 8.8 HIGH · v2 N/A
File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote attackers to run arbitrary code via avatar upload to index.php.

Vendors: Open Emr | Products: Openemr | Updated: Nov 21, 2024 | Published: Dec 15, 2022
CVSS: v4 N/A · v3 8.8 HIGH · v2 N/A
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.

Vendors: Sap | Products: Business Objects Business Intelligence Platform | Updated: Nov 21, 2024 | Published: Dec 13, 2022
CVSS: v4 N/A · v3 8.8 HIGH · v2 N/A
SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrity, and availability of the application.

Vendors: Dynamic Transaction Queuing System Project | Products: Dynamic Transaction Queuing System | Updated: Apr 23, 2025 | Published: Dec 12, 2022
CVSS: v4 N/A · v3 7.2 HIGH · v2 N/A
An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

Vendors: Wpeverest | Products: User Registration | Updated: Apr 22, 2025 | Published: Dec 12, 2022
CVSS: v4 N/A · v3 7.5 HIGH · v2 N/A
The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.

Vendors: Alist Project, Alistgo | Products: Alist, Alist | Updated: Feb 13, 2026 | Published: Dec 12, 2022
CVSS: v4 N/A · v3 8.8 HIGH · v2 N/A
Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).

Vendors: Sens Project | Products: Sens | Updated: Apr 22, 2025 | Published: Dec 12, 2022
CVSS: v4 N/A · v3 8.8 HIGH · v2 N/A
SENS v1.0 has a file upload vulnerability.

Vendors: Jetbrains | Products: Intellij Idea | Updated: Nov 21, 2024 | Published: Dec 8, 2022
CVSS: v4 N/A · v3 7.8 HIGH · v2 N/A
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.

Vendors: Online Leave Management System Project | Products: Online Leave Management System | Updated: Apr 23, 2025 | Published: Dec 7, 2022
CVSS: v4 N/A · v3 7.2 HIGH · v2 N/A
Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

Vendors: Yithemes | Products: Yith Woocommerce Gift Cards | Updated: Nov 21, 2024 | Published: Dec 6, 2022
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 N/A
Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress.

Vendors: Ayacms Project | Products: Ayacms | Updated: Apr 23, 2025 | Published: Dec 6, 2022
CVSS: v4 N/A · v3 8.8 HIGH · v2 N/A
AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability.

Vendors: Thinkphp | Products: Thinkphp | Updated: Apr 23, 2025 | Published: Dec 6, 2022
CVSS: v4 N/A · v3 8.8 HIGH · v2 N/A
Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell.

Vendors: Zimbra | Products: Collaboration | Updated: Apr 24, 2025 | Published: Dec 5, 2022
CVSS: v4 N/A · v3 7.2 HIGH · v2 N/A
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution.

Vendors: Pwndoc Project | Products: Pwndoc | Updated: Apr 24, 2025 | Published: Dec 5, 2022
CVSS: v4 N/A · v3 8.8 HIGH · v2 N/A
An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file.

Vendors: House Rental System Project | Products: House Rental System | Updated: Nov 21, 2024 | Published: Dec 3, 2022
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 N/A
A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772.

Vendors: Oretnom23 | Products: Human Resource Management System | Updated: Nov 21, 2024 | Published: Dec 3, 2022
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 N/A
A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214769 was assigned to this vulnerability.

Vendors: Warehouse Management System Project | Products: Warehouse Management System | Updated: Nov 21, 2024 | Published: Dec 3, 2022
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 N/A
A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760.

Vendors: Rocketsoftware | Products: Trufusion | Updated: Apr 24, 2025 | Published: Dec 1, 2022
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 N/A
An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1.