CWE-434

4,107 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.


CVEs (4,107)

CVE • Vendors • Products • Updated • Published • CVSS
Vendors (1): Seopanel • Products (1): Seopanel • Updated: Jun 17, 2026 • Published: Aug 20, 2021 • CVSS: N/A (v4), 8.8 HIGH (v3), 6.5 MEDIUM (v2)
A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Import website function.
Vendors (1): Phpmywind • Products (1): Phpmywind • Updated: Jun 17, 2026 • Published: Aug 20, 2021 • CVSS: N/A (v4), 7.2 HIGH (v3), 6.5 MEDIUM (v2)
Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'.
Vendors (1): Bludit • Products (1): Bludit • Updated: Jun 17, 2026 • Published: Aug 20, 2021 • CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'.
Vendors (1): Apache • Products (1): Ofbiz • Updated: Jun 17, 2026 • Published: Aug 18, 2021 • CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297.
Vendors (2): Ivanti, Pulsesecure • Products (2): Connect Secure, Pulse Connect Secure • Updated: Jun 17, 2026 • Published: Aug 16, 2021 • CVSS: N/A (v4), 7.2 HIGH (v3), 6.5 MEDIUM (v2)
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
Vendors (1): Fusionbox • Products (1): Widgy • Updated: Jun 17, 2026 • Published: Aug 16, 2021 • CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'.
Vendors (1): Simple Image Gallery Web App Project • Products (1): Simple Image Gallery Web App • Updated: Jun 17, 2026 • Published: Aug 16, 2021 • CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and execute it to gain unauthorized access to the server hosting the web app.
Vendors (1): Pearadmin • Products (1): Pearadmin Think • Updated: Jun 17, 2026 • Published: Aug 12, 2021 • CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt.
Vendors (1): Sitecore • Products (1): Sitecore • Updated: Jun 17, 2026 • Published: Aug 12, 2021 • CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL.
Vendors (1): Aikcms • Products (1): Aikcms • Updated: Jun 17, 2026 • Published: Aug 12, 2021 • CVSS: N/A (v4), 7.2 HIGH (v3), 6.5 MEDIUM (v2)
File Upload vulnerability in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file.
Vendors (1): 8cms • Products (1): Ljcms • Updated: Jun 17, 2026 • Published: Aug 12, 2021 • CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code.
Vendors (1): Easycorp • Products (1): Zentao • Updated: Jun 17, 2026 • Published: Aug 12, 2021 • CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload an arbitrary webshell to the server by using the downloadZipPackage() function.
Vendors (1): Maccms • Products (1): Maccms • Updated: Jun 17, 2026 • Published: Aug 11, 2021 • CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers to bypass the suffix whitelist verification and execute arbitrary code by adding a character to the end of the uploaded file's name.
Vendors (1): Newsone Cms Project • Products (1): Newsone Cms • Updated: Jun 17, 2026 • Published: Aug 11, 2021 • CVSS: N/A (v4), 8.8 HIGH (v3), 9.0 HIGH (v2)
An arbitrary file upload in the <input type="file" name="user_image"> component of NewsOne CMS v1.1.0 allows attackers to upload a webshell and execute arbitrary commands.
Vendors (1): 23andme • Products (1): Yamale • Updated: Jun 17, 2026 • Published: Aug 9, 2021 • CVSS: N/A (v4), 7.8 HIGH (v3), 9.3 HIGH (v2)
23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each line is run through Python's eval function to make the validator available. A well-constructed string within the schema rules can execute system commands; thus, by exploiting the vulnerability, an attacker can run arbitrary code on the image that invokes Yamale.
Vendors (1): Amentotech • Products (1): Workreap • Updated: Jun 17, 2026 • Published: Aug 9, 2021 • CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.
Vendors (1): Jeecg • Products (1): Jeecg Boot • Updated: Jun 17, 2026 • Published: Aug 6, 2021 • CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code.
Vendors (1): W3eden • Products (1): Download Manager • Updated: Jun 17, 2026 • Published: Aug 5, 2021 • CVSS: N/A (v4), 8.8 HIGH (v3), 6.5 MEDIUM (v2)
Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions.
Vendors (1): Fortinet • Products (1): Fortiportal • Updated: Jun 17, 2026 • Published: Aug 4, 2021 • CVSS: N/A (v4), 8.1 HIGH (v3), 5.5 MEDIUM (v2)
An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files.
Vendors (1): Houdunren • Products (1): Hdcms • Updated: Jun 17, 2026 • Published: Aug 3, 2021 • CVSS: N/A (v4), 7.8 HIGH (v3), 6.8 MEDIUM (v2)
An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 allows attackers to execute arbitrary code via a crafted file.