Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-24581 1Aceware 1Aceweb Online Portal Jun 17, 2026 Jun 2, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the usern...Show more ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software.Show less
CVE-2022-24239 1Aceware 1Aceweb Online Portal Jun 17, 2026 Jun 2, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp.
CVE-2021-33615 1Rsa 1Archer Jun 17, 2026 Jun 2, 2022 N/A· v4 7.5 HIGH· v3 8.5 HIGH· v2 RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type.
CVE-2021-26634 1Maxb 1Maxboard Jun 17, 2026 Jun 2, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege e...Show more SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell.Show less
CVE-2022-29637 1Iminho 1Mindoc Jun 17, 2026 May 26, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file.
CVE-2022-29632 1Roncoo 1Roncoo Education Jun 17, 2026 May 26, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file.
CVE-2022-29651 2Online Food Ordering System Project Oretnom23 2Online Food Ordering System Online Food Ordering System Jun 17, 2026 May 25, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2021-42654 1Sscms 1Siteserver Cms Jun 17, 2026 May 24, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code.
CVE-2022-1837 1Home Clean Services Management System Project 1Home Clean Services Management System Jun 17, 2026 May 24, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to...Show more A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to code execution. The attack may be launched remotely but demands an authentication. Exploit details have been disclosed to the public.Show less
CVE-2022-1811 1Publify Project 1Publify Jun 17, 2026 May 23, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.
CVE-2022-1752 1Trudesk Project 1Trudesk Jun 17, 2026 May 21, 2022 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2.
CVE-2022-30887 1Pharmacy Management System Project 1Pharmacy Management System Jun 17, 2026 May 20, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via...Show more Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.Show less
CVE-2022-28104 1Foxit 1Pdf Editor Jun 17, 2026 May 20, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability.
CVE-2022-28927 1Subconverter Project 1Subconverter Jun 17, 2026 May 19, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters.
CVE-2021-41938 1Shopxo 1Shopxo Jun 17, 2026 May 19, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitrary file upload vulnerability in three locations.
CVE-2022-22482 1Ibm 1Sterling B2b Integrator Jun 17, 2026 May 17, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service. IBM X-Fo...Show more IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service. IBM X-Force ID: 225977.Show less
CVE-2022-30007 1Gxcms Project 1Gxcms Jun 17, 2026 May 17, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control th...Show more GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control the server.Show less
CVE-2022-1409 1Vikwp 1Hotel Booking Engine & Pms Jun 17, 2026 May 16, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malic...Show more The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP codeShow less
CVE-2022-1103 1Advanced Uploader Project 1Advanced Uploader Jun 17, 2026 May 16, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE
CVE-2021-25119 1Wpsocket 1Automatic Grid Image Listing Jun 17, 2026 May 16, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like...Show more The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCEShow less

Previous 1...143144145...206 Next