CWE-434

4,107 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.


CVEs (4,107)

Vendor: Ghost | Product: Ghost | Updated: Jun 17, 2026 | Published: Apr 12, 2022 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional.

Vendor: Payloadcms | Product: Payload | Updated: Jun 17, 2026 | Published: Apr 12, 2022 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH
An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file.

Vendor: Strapi | Product: Strapi | Updated: Jun 17, 2026 | Published: Apr 12, 2022 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH
An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file.

Vendor: Sailsjs | Product: Skipper | Updated: Jun 17, 2026 | Published: Apr 12, 2022 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH
An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file.

Vendor: Express Fileupload Project | Product: Express Fileupload | Updated: Jun 17, 2026 | Published: Apr 12, 2022 | CVSS v4: N/A | CVSS v3: 7.5 HIGH | CVSS v2: 4.3 MEDIUM
An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server.

Vendor: Buttercms | Product: Buttercms | Updated: Jun 17, 2026 | Published: Apr 12, 2022 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH
An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file.

Vendor: Express Fileupload Project | Product: Express Fileupload | Updated: Jun 17, 2026 | Published: Apr 12, 2022 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH
An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload middleware is not responsible for an application's business logic (e.g., determining whether or how a file should be renamed).

Vendor: Ghost | Product: Ghost | Updated: Jun 17, 2026 | Published: Apr 12, 2022 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH
An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploading of SVG files to Ghost does not represent a remote code execution vulnerability. SVGs are not executable on the server, and may only execute javascript in a client's browser - this is expected and intentional functionality.

Vendor: Hedgedoc | Product: Hedgedoc | Updated: Jun 17, 2026 | Published: Apr 11, 2022 | CVSS v4: N/A | CVSS v3: 5.3 MEDIUM | CVSS v2: 5.0 MEDIUM
HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes and affects all upload backends, except Lutim and imgur. This issue is patched in version 1.9.3 by replacing the filename generation with UUIDv4. If you cannot upgrade to HedgeDoc 1.9.3, it is possible to block POST requests to `/uploadimage`, which will disable future uploads.

Vendor: Std42 | Product: Elfinder | Updated: Jun 17, 2026 | Published: Apr 11, 2022 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.

Vendor: Ocdi | Product: One Click Demo Import | Updated: Jun 17, 2026 | Published: Apr 11, 2022 | CVSS v4: N/A | CVSS v3: 7.2 HIGH | CVSS v2: 6.5 MEDIUM
The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed.

Vendor: Trudesk Project | Product: Trudesk | Updated: Jun 17, 2026 | Published: Apr 11, 2022 | CVSS v4: N/A | CVSS v3: 5.4 MEDIUM | CVSS v2: 3.5 LOW
Stored XSS via .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.

Vendor: Newbee Mall Project | Product: Newbee Mall | Updated: Jun 17, 2026 | Published: Apr 10, 2022 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.

Vendor: Zbzcms | Product: Zbzcms | Updated: Jun 17, 2026 | Published: Apr 10, 2022 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

Vendor: Zbzcms | Product: Zbzcms | Updated: Jun 17, 2026 | Published: Apr 10, 2022 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

Vendor: Moguit | Product: Mogu Blog Cms | Updated: Jun 17, 2026 | Published: Apr 8, 2022 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH
mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation.

Vendor: Ritecms | Product: Ritecms | Updated: Jun 17, 2026 | Published: Apr 8, 2022 | CVSS v4: N/A | CVSS v3: 7.2 HIGH | CVSS v2: 9.0 HIGH
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htaccess configuration to deny execution of .php files in media and files directory by default.

Vendor: Ecommerce Website Project | Product: Ecommerce Website | Updated: Jun 17, 2026 | Published: Apr 8, 2022 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

Vendor: Simple House Rental System Project | Product: Simple House Rental System | Updated: Jun 17, 2026 | Published: Apr 8, 2022 | CVSS v4: N/A | CVSS v3: 8.8 HIGH | CVSS v2: 6.5 MEDIUM
Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

Vendor: Phpgurukul | Product: Zoo Management System | Updated: Jun 17, 2026 | Published: Apr 8, 2022 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH
Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.