Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-1785 1Imagely 1Nextgen Gallery Nov 21, 2024 Jul 7, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user upl...Show more In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests.Show less
CVE-2015-1784 1Imagely 1Nextgen Gallery Nov 21, 2024 Jul 7, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user upl...Show more In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests.Show less
CVE-2022-32413 1Dice Project 1Dice Jun 17, 2026 Jul 5, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file.
CVE-2022-2268 1Soflyy 1Wp All Import Jun 17, 2026 Jul 4, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upl...Show more The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCEShow less
CVE-2022-31943 1Mingsoft 1Mcms Jun 17, 2026 Jul 1, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability.
CVE-2021-37770 1Nucleuscms 1Nucleus Cms Jun 17, 2026 Jun 30, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType appl...Show more Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources.Show less
CVE-2022-32994 1Halo 1Halo Jun 17, 2026 Jun 27, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.
CVE-2022-31086 2Debian Ldap Account Manager 2Debian Linux Ldap Account Manager Jun 17, 2026 Jun 27, 2022 N/A· v4 8.8 HIGH· v3 6.0 MEDIUM· v2 LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to conf...Show more LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the /config/templates/pdf/ directory is accessible for remote users. This is not a default configuration of LAM. This issue has been fixed in version 8.0. There are no known workarounds for this issue.Show less
CVE-2022-2212 1Library Management System Project 1Library Management System Jun 17, 2026 Jun 27, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in SourceCodester Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the component /card/index.php. The manipulation of the argument image lead...Show more A vulnerability was found in SourceCodester Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the component /card/index.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2021-38945 2Ibm Netapp 2Cognos Analytics Oncommand Insight Jun 17, 2026 Jun 24, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.
CVE-2022-2102 1Secheron 1Sepcos Control And Protection Relay Firmware Jun 17, 2026 Jun 24, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded an...Show more Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.Show less
CVE-2022-1519 1Illumina 1Local Run Manager Jun 17, 2026 Jun 24, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.
CVE-2013-1916 1User Photo Project 1User Photo Nov 21, 2024 Jun 24, 2022 N/A· v4 8.8 HIGH· v3 8.5 HIGH· v2 In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the p...Show more In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved.Show less
CVE-2022-31362 1Docebo 1Docebo Jun 17, 2026 Jun 23, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-40954 1Laiketui 1Laiketui Jun 17, 2026 Jun 23, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code.
CVE-2022-31374 1Contec 1Sv Cpt Mc310 Firmware Jun 17, 2026 Jun 21, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file.
CVE-2022-2128 1Trudesk Project 1Trudesk Jun 17, 2026 Jun 20, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4.
CVE-2022-1939 1Allow Svg Files Project 1Allow Svg Files Jun 17, 2026 Jun 20, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to
CVE-2017-20063 1Elefantcms 1Elefant Cms Nov 21, 2024 Jun 20, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classified as critical. Affected is an unknown function of the file /filemanager/upload/drop of the component File Upload. The manipulation leads to imprope...Show more A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classified as critical. Affected is an unknown function of the file /filemanager/upload/drop of the component File Upload. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.Show less
CVE-2022-2111 1Inventree Project 1Inventree Jun 17, 2026 Jun 17, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2.

Previous 1...141142143...206 Next