Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-43085 1Codeastro 1Restaurant Pos System May 5, 2025 Nov 1, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-43083 1Vehicle Booking System Project 1Vehicle Booking System May 5, 2025 Nov 1, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-39019 1M Files 1Hubshare Nov 21, 2024 Oct 31, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server.
CVE-2022-42925 1Formalms 1Formalms Nov 21, 2024 Oct 31, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload componen...Show more There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection.Show less
CVE-2022-41681 1Formalms 1Formalms Nov 21, 2024 Oct 31, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature...Show more There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection.Show less
CVE-2022-40471 1Oretnom23 1Clinic's Patient Management System May 6, 2025 Oct 31, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php
CVE-2022-3771 1Easyiicms 1Easyiicms Nov 21, 2024 Oct 31, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unre...Show more A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability.Show less
CVE-2022-43283 1Webassembly 1Wabt May 8, 2025 Oct 28, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.
CVE-2022-43231 1Canteen Management System Project 1Canteen Management System May 7, 2025 Oct 28, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-37426 1Opennebula 1Opennebula Nov 21, 2024 Oct 28, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection.
CVE-2022-43275 1Canteen Management System Project 1Canteen Management System May 7, 2025 Oct 28, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted...Show more Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.Show less
CVE-2022-33859 1Eaton 1Foreseer Electrical Power Monitoring System Nov 21, 2024 Oct 28, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime cause...Show more A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html .Show less
CVE-2021-38397 1Honeywell 4Application Control Environment Firmware C200 FirmwareC200e Firmware+1 more Nov 21, 2024 Oct 28, 2022 N/A· v4 10.0 CRITICAL· v3 N/A· v2 Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
CVE-2022-39978 1Online Pet Shop We App Project 1Online Pet Shop We App May 7, 2025 Oct 27, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafte...Show more Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point.Show less
CVE-2022-39977 1Online Pet Shop We App Project 1Online Pet Shop We App May 7, 2025 Oct 27, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP fi...Show more Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point.Show less
CVE-2022-41711 1Uatech 1Badaso May 7, 2025 Oct 25, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
CVE-2022-36452 1Mitel 1Micollab May 7, 2025 Oct 25, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary c...Show more A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application.Show less
CVE-2022-39305 1Gin Vue Admin Project 1Gin Vue Admin Nov 21, 2024 Oct 24, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd...Show more Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd5 and fileName parameters, resulting in an arbitrary file being read. This issue is patched in 2.5.4b. There are no known workarounds.Show less
CVE-2022-42189 1Emlog 1Emlog May 7, 2025 Oct 21, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability.
CVE-2022-42201 1Simple Exam Reviewer Management System Project 1Simple Exam Reviewer Management System May 8, 2025 Oct 20, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload.

Previous 1...133134135...206 Next