Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-4232 1Rinvizle 1Event Registration System Nov 21, 2024 Nov 30, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is poss...Show more A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability.Show less
CVE-2022-44354 1Contec 1Solarview Compact Firmware Apr 25, 2025 Nov 29, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.
CVE-2022-38140 1Squirrly 1Seo Plugin By Squirrly Seo Nov 21, 2024 Nov 28, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress.
CVE-2022-44401 1Online Tours & Travels Management System Project 1Online Tours & Travels Management System Apr 29, 2025 Nov 28, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php.
CVE-2022-44400 1Purchase Order Management System Project 1Purchase Order Management System Apr 25, 2025 Nov 28, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info.
CVE-2022-45476 1Prasathmani 1Tiny File Manager Dec 31, 2025 Nov 25, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload...Show more Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload. Show less
CVE-2022-41705 1Uatech 1Badaso Apr 29, 2025 Nov 25, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
CVE-2022-45039 1Wbce 1Wbce Cms Apr 25, 2025 Nov 25, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2021-43258 1Churchdb 1Churchinfo Apr 28, 2025 Nov 23, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to t...Show more CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.Show less
CVE-2020-23591 1Optilinknetwork 1Op Xt71000n Firmware Apr 29, 2025 Nov 23, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through " /mgm_dev_upgrade.asp " which can "delete every file for Denial of...Show more A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through " /mgm_dev_upgrade.asp " which can "delete every file for Denial of Service (using 'rm -rf .' in the code), reverse connection (using '.asp' webshell), backdoor.Show less
CVE-2022-2791 1Emerson 1Proficy Nov 21, 2024 Nov 22, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC.
CVE-2022-30529 1Isic.lk Project 1Isic.lk Apr 28, 2025 Nov 22, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php an...Show more File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php.Show less
CVE-2022-42698 1Api2cart 1Api2cart Bridge Connector Nov 21, 2024 Nov 18, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.
CVE-2022-40200 1Gvectors 1Wpforo Forum Feb 20, 2025 Nov 17, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
CVE-2022-43192 1Dedecms 1Dedecms Apr 29, 2025 Nov 17, 2022 N/A· v4 6.7 MEDIUM· v3 N/A· v2 An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete...Show more An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886.Show less
CVE-2022-44384 1Rconfig 1Rconfig Apr 29, 2025 Nov 17, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-43234 1Hoosk 1Hoosk Apr 30, 2025 Nov 16, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-43265 1Canteen Management System Project 1Canteen Management System Apr 30, 2025 Nov 15, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-43146 1Canteen Management System Project 1Canteen Management System May 1, 2025 Nov 14, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-3944 1Erp Project 1Erp Nov 21, 2024 Nov 11, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commo...Show more A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451.Show less

Previous 1...131132133...206 Next