Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-2744 1Gym Management System Project 1Gym Management System Jun 17, 2026 Aug 11, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability, which was classified as critical, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality of the file /admin/add_exercises.php of the component Backgr...Show more A vulnerability, which was classified as critical, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality of the file /admin/add_exercises.php of the component Background Management. The manipulation of the argument exer_img leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206012.Show less
CVE-2022-2740 1Company Website Cms Project 1Company Website Cms Jun 17, 2026 Aug 11, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability was found in SourceCodester Company Website CMS. It has been declared as critical. This vulnerability affects unknown code of the file /dashboard/add-blog.php of the component Add Blog. The manipulation o...Show more A vulnerability was found in SourceCodester Company Website CMS. It has been declared as critical. This vulnerability affects unknown code of the file /dashboard/add-blog.php of the component Add Blog. The manipulation of the argument ufile leads to unrestricted upload. The attack can be initiated remotely. VDB-205882 is the identifier assigned to this vulnerability.Show less
CVE-2022-2736 1Company Website Cms Project 1Company Website Cms Jun 17, 2026 Aug 11, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability was found in SourceCodester Company Website CMS. It has been classified as critical. This affects an unknown part of the file /dashboard/updatelogo.php of the component Background Upload Logo Icon. The ma...Show more A vulnerability was found in SourceCodester Company Website CMS. It has been classified as critical. This affects an unknown part of the file /dashboard/updatelogo.php of the component Background Upload Logo Icon. The manipulation of the argument xfile/ufile leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-205881 was assigned to this vulnerability.Show less
CVE-2022-35426 1Ucms Project 1Ucms Jun 17, 2026 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file.
CVE-2022-36264 1Airspan 1Airspot 5410 Firmware Jun 17, 2026 Aug 8, 2022 N/A· v4 9.1 CRITICAL· v3 N/A· v2 In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of the...Show more In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and append a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file.Show less
CVE-2022-2356 1Mediajedi 1User Private Files Jun 17, 2026 Aug 8, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded.
CVE-2022-2046 1Wpwax 1Directorist Jun 17, 2026 Aug 8, 2022 N/A· v4 4.9 MEDIUM· v3 N/A· v2 The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow admi...Show more The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations.Show less
CVE-2022-2694 1Company Website Cms Project 1Company Website Cms Jun 17, 2026 Aug 6, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability was found in SourceCodester Company Website CMS and classified as critical. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The attack may be initiated remotely....Show more A vulnerability was found in SourceCodester Company Website CMS and classified as critical. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205817 was assigned to this vulnerability.Show less
CVE-2022-2678 1Alphaware E Commerce System Project 1Alphaware E Commerce System Jun 17, 2026 Aug 5, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file admin_feature.php of the component Background Manageme...Show more A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file admin_feature.php of the component Background Management Page. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205666 is the identifier assigned to this vulnerability.Show less
CVE-2022-2647 1Jeecg 1Jeecg Boot Jun 17, 2026 Aug 4, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be...Show more A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205594 is the identifier assigned to this vulnerability.Show less
CVE-2022-34613 1Mealie Project 1Mealie Jun 17, 2026 Aug 2, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file.
CVE-2022-34154 1Ideastocode 1Enable Svg, Webp & Ico Upload Jun 17, 2026 Aug 1, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.
CVE-2022-34496 1Hiby 2Hiby R3 Pro Firmware Hiby R3 Pro Saber Firmware Jun 17, 2026 Jul 29, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature.
CVE-2022-34578 1Opensourcepos 1Open Source Point Of Sale Jun 17, 2026 Jul 28, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page.
CVE-2022-34120 1Barangay Management System Project 1Barangay Management System Jun 17, 2026 Jul 27, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Barangay Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the module editing function at /pages/activity/activity.php.
CVE-2022-34549 1Sims Project 1Sims Jun 17, 2026 Jul 27, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file.
CVE-2022-34971 1Feehi 1Feehi Cms Jun 17, 2026 Jul 27, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-34965 1Openteknik 1Open Source Social Network Jun 17, 2026 Jul 25, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute...Show more OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this is intended behavior of the application as it only allows authenticated admins to upload files.Show less
CVE-2022-34115 1Dataease 1Dataease Jun 17, 2026 Jul 22, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId.
CVE-2022-28700 1Givewp 1Givewp Jun 17, 2026 Jul 21, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.

Previous 1...139140141...206 Next