CWE-434

4,107 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.


CVEs (4,107)

Fields per entry: vendor, product, updated, published, CVSS (v4 / v3 / v2), description.

Vendor: Ujcms
Product: Jspxcms
Updated: Jun 17, 2026 | Published: Feb 4, 2022
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
Description: A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files.

Vendor: Voipmonitor
Product: Voipmonitor
Updated: Jun 17, 2026 | Published: Feb 4, 2022
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.5 MEDIUM
Description: The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root.

Vendor: Simple Chatbot Application Project
Product: Simple Chatbot Application
Updated: Jun 17, 2026 | Published: Jan 27, 2022
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
Description: A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 (and previous versions) via the bot_avatar parameter in SystemSettings.php.

Vendor: Dolphinphp
Product: Dolphinphp
Updated: Jun 17, 2026 | Published: Jan 27, 2022
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.5 MEDIUM
Description: Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php#action_log.

Vendor: Mingsoft
Product: Mcms
Updated: Jun 17, 2026 | Published: Jan 26, 2022
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
Description: File upload vulnerability in mingSoft MCMS through 5.2.5 allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload.

Vendor: Jpress
Product: Jpress
Updated: Jun 17, 2026 | Published: Jan 26, 2022
CVSS: v4 N/A | v3 7.2 HIGH | v2 6.5 MEDIUM
Description: jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject malicious code.

Vendor: Jpress
Product: Jpress
Updated: Jun 17, 2026 | Published: Jan 26, 2022
CVSS: v4 N/A | v3 7.2 HIGH | v2 6.5 MEDIUM
Description: jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject malicious code.

Vendor: Spip
Product: Spip
Updated: Jun 17, 2026 | Published: Jan 26, 2022
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.5 MEDIUM
Description: SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it, and then click on it to execute it.

Vendor: F5
Products: Big Ip Advanced Web Application Firewall; Big Ip Application Acceleration Manager
Updated: Jun 17, 2026 | Published: Jan 25, 2022
CVSS: v4 N/A | v3 4.3 MEDIUM | v2 4.0 MEDIUM
Description: On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint, causing an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vendor: Forestblog Project
Product: Forestblog
Updated: Jun 17, 2026 | Published: Jan 25, 2022
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
Description: In ForestBlog, as of 2021-12-28, file upload can bypass verification.

Vendor: Kea Hotel Erp Project
Product: Kea Hotel Erp
Updated: Jun 17, 2026 | Published: Jan 25, 2022
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.5 MEDIUM
Description: In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service.

Vendor: Mingsoft
Product: Mcms
Updated: Jun 17, 2026 | Published: Jan 21, 2022
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
Description: MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do.

Vendor: Mingsoft
Product: Mcms
Updated: Jun 17, 2026 | Published: Jan 21, 2022
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
Description: MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.

Vendor: Jpress
Product: Jpress
Updated: Jun 17, 2026 | Published: Jan 19, 2022
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.5 MEDIUM
Description: jpress v4.2.0 allows users to register an account by default. With the account, a user can upload arbitrary files to the server.

Vendor: Free School Management Software Project
Product: Free School Management Software
Updated: Jun 17, 2026 | Published: Jan 18, 2022
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
Description: An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "<?php system($_GET["cmd"]); ?>" gets uploaded, it is saved into the /uploads/exam_question/ directory and is accessible by all users.

Vendor: Pimcore
Product: Pimcore
Updated: Jun 17, 2026 | Published: Jan 18, 2022
CVSS: v4 N/A | v3 7.8 HIGH | v2 4.6 MEDIUM
Description: Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7.

Vendor: Leostream
Product: Connection Broker
Updated: Jun 17, 2026 | Published: Jan 18, 2022
CVSS: v4 N/A | v3 7.2 HIGH | v2 6.5 MEDIUM
Description: Leostream Connection Broker 9.0.40.17 allows an administrator to upload and execute Perl code.

Vendor: Softvibe
Product: Saraban
Updated: Jun 17, 2026 | Published: Jan 18, 2022
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
Description: SoftVibe SARABAN for INFOMA 1.1 allows unauthenticated unrestricted file upload, which allows attackers to upload files with any file extension and can lead to arbitrary code execution.

Vendor: Craterapp
Product: Crater
Updated: Jun 17, 2026 | Published: Jan 17, 2022
CVSS: v4 N/A | v3 7.2 HIGH | v2 6.0 MEDIUM
Description: Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.

Vendor: Owncloud
Product: Files Antivirus
Updated: Jun 17, 2026 | Published: Jan 15, 2022
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.5 MEDIUM
Description: The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection.