Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-41421 1Maianmedia 1Maianaffiliate Jun 17, 2026 Jun 16, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel.
CVE-2022-32433 1Advanced School Management System Project 1Advanced School Management System Jun 17, 2026 Jun 15, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php.
CVE-2021-40940 1Monstra 1Monstra Jun 17, 2026 Jun 15, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.
CVE-2021-42675 1Kreado 1Kreasfero Jun 17, 2026 Jun 14, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.
CVE-2022-31041 1Maykinmedia 1Open Forms Jun 17, 2026 Jun 13, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded b...Show more Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users (e.g. only PDF / Excel / ...). The input validation of uploaded files is insufficient in versions prior to 1.0.9 and 1.1.1. Users could alter or strip file extensions to bypass this validation. This results in files being uploaded to the server that are of a different file type than indicated by the file name extension. These files may be downloaded (manually or automatically) by staff and/or other applications for further processing. Malicious files can therefore find their way into internal/trusted networks. Versions 1.0.9 and 1.1.1 contain patches for this issue. As a workaround, an API gateway or intrusion detection solution in front of open-forms may be able to scan for and block malicious content before it reaches the Open Forms application.Show less
CVE-2022-0863 1Wp Svg Icons Project 1Wp Svg Icons Jun 17, 2026 Jun 13, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php code, leading to remote...Show more The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution.Show less
CVE-2017-20021 1Solar Log 8Solar Log 1000 Firmware Solar Log 1000 Pm+ FirmwareSolar Log 1200 Firmware+5 more Nov 21, 2024 Jun 9, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possibl...Show more A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.Show less
CVE-2021-35532 1Hitachienergy 1Txpert Hub Coretec 4 Firmware Jun 17, 2026 Jun 7, 2022 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an acc...Show more A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.Show less
CVE-2022-30860 1Fudforum 1Fudforum Jun 17, 2026 Jun 6, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel.
CVE-2022-32019 1Car Rental Management System Project 1Car Rental Management System Jun 17, 2026 Jun 2, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car.
CVE-2021-45982 1Netscout 1Ngeniusone Jun 17, 2026 Jun 2, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user.
CVE-2022-30822 1Wedding Management System Project 1Wedding Management System Jun 17, 2026 Jun 2, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_profile.php" file.
CVE-2022-30821 1Wedding Management System Project 1Wedding Management System Jun 17, 2026 Jun 2, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file.
CVE-2022-30820 1Wedding Management System Project 1Wedding Management System Jun 17, 2026 Jun 2, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file.
CVE-2022-30819 1Wedding Management System Project 1Wedding Management System Jun 17, 2026 Jun 2, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file.
CVE-2022-30808 1Elitecms 1Elite Cms Jun 17, 2026 Jun 2, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php.
CVE-2022-30506 1Mingsoft 1Mcms Jun 17, 2026 Jun 2, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.
CVE-2022-30423 1Merchandise Online Store Project 1Merchandise Online Store Jun 17, 2026 Jun 2, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information.
CVE-2022-29725 1Creatiwity 1Witycms Jun 17, 2026 Jun 2, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-29624 1Tpcms Project 1Tpcms Jun 17, 2026 Jun 2, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file.

Previous 1...142143144...206 Next