Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-41512 1Online Diagnostic Lab Management System Project 1Online Diagnostic Lab Management System Jun 17, 2026 Oct 7, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-40721 1Creativedream File Uploader Project 1Creativedream File Uploader Jun 17, 2026 Oct 3, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Arbitrary file upload vulnerability in php uploader
CVE-2022-3125 1Najeebmedia 1Frontend File Manager Jun 17, 2026 Oct 3, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to uploa...Show more The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCEShow less
CVE-2022-40886 1Dedecms 1Dedecms Jun 17, 2026 Oct 3, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 DedeCMS 5.7.98 has a file upload vulnerability in the background.
CVE-2022-40341 1Mojoportal 1Mojoportal Jun 17, 2026 Sep 30, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file.
CVE-2022-41437 1Billing System Project Project 1Billing System Project Jun 17, 2026 Sep 30, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php.
CVE-2022-36066 1Discourse 1Discourse Jun 17, 2026 Sep 29, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip...Show more Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.Show less
CVE-2022-40407 1Chamilo 1Chamilo Jun 17, 2026 Sep 29, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.
CVE-2021-45790 1Metersphere 1Metersphere Jun 17, 2026 Sep 29, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to arbitrary directory, where attackers can write a cron job to execute commands.
CVE-2022-40048 1Flatpress 1Flatpress Jun 17, 2026 Sep 29, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function.
CVE-2022-40878 1Exam Reviewer Management System Project 1Exam Reviewer Management System Jun 17, 2026 Sep 27, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE).
CVE-2022-37346 1Ec Cube 1Product Image Bulk Upload Jun 17, 2026 Sep 27, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload...Show more EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative privilege of EC-CUBE where the vulnerable plugin is installed is led to upload a specially crafted file, an arbitrary script may be executed on the system.Show less
CVE-2022-40050 1Zfile 1Zfile Jun 17, 2026 Sep 26, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1.
CVE-2022-40925 1Phpgurukul 1Zoo Management System Jun 17, 2026 Sep 26, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system.
CVE-2022-40924 1Phpgurukul 1Zoo Management System Jun 17, 2026 Sep 26, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system.
CVE-2022-3076 1Cminds 1Cm Download Manager Jun 17, 2026 Sep 26, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite...Show more The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.Show less
CVE-2022-3257 1Mattermost 1Mattermost Server Jun 17, 2026 Sep 23, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing...Show more Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.Show less
CVE-2022-40087 1Simple College Website Project 1Simple College Website Jun 17, 2026 Sep 22, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-40932 1Phpgurukul 1Zoo Management System Jun 17, 2026 Sep 22, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system.
CVE-2022-40217 1Xplodedthemes 1Wpide Jun 17, 2026 Sep 21, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress.

Previous 1...136137138...206 Next