Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-19302 1Vaethink 1Vaethink Jun 17, 2026 Aug 3, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php".
CVE-2021-36623 1Phone Shop Sales Management System Project 1Phone Shop Sales Management System Jun 17, 2026 Aug 3, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.
CVE-2021-36622 1Online Covid Vaccination Scheduler System Project 1Online Covid Vaccination Scheduler System Jun 17, 2026 Aug 3, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/scheduler/admin/?page=u...Show more Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/scheduler/admin/?page=user. An attacker could upload a malicious file such as shell.php with the Content-Type: image/png. Then, the attacker have to visit the uploaded profile photo to access the shell.Show less
CVE-2021-25200 1Learning Management System Project 1Learning Management System Jun 17, 2026 Jul 30, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php.
CVE-2021-36741 1Trendmicro 4Apex One OfficescanOfficescan Business Security+1 more Jun 17, 2026 Jul 29, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installat...Show more An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vulnerability.Show less
CVE-2021-37444 1Nchsoftware 1Ivm Attendant Jun 17, 2026 Jul 25, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a f...Show more NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function.Show less
CVE-2021-25208 1Travel Management System Project 1Travel Management System Jun 17, 2026 Jul 23, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php.
CVE-2021-25206 1Responsive Ordering System Project 1Responsive Ordering System Jun 17, 2026 Jul 23, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php.
CVE-2021-25203 1Victor Cms Project 1Victor Cms Jun 17, 2026 Jul 23, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.
CVE-2021-25207 1E Commerce Website Project 1E Commerce Website Jun 17, 2026 Jul 23, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php.
CVE-2021-25211 1Online Ordering System Project 1Online Ordering System Jun 17, 2026 Jul 22, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php.
CVE-2021-25210 1Alumni Management System Project 1Alumni Management System Jun 17, 2026 Jul 22, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to manage_event.php.
CVE-2021-34619 1Storeapps 1Stock Manager For Woocommerce Jun 17, 2026 Jul 21, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocomm...Show more The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.Show less
CVE-2021-35963 1Learningdigital 1Orca Hcm Jun 17, 2026 Jul 19, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious script to execute RCE at...Show more The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious script to execute RCE attacks.Show less
CVE-2021-29699 1Ibm 1Security Verify Access Jun 17, 2026 Jul 15, 2021 N/A· v4 6.8 MEDIUM· v3 6.0 MEDIUM· v2 IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600.
CVE-2021-36121 1Echobh 1Sharecare Jun 17, 2026 Jul 13, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in Echo ShareCare 8.15.5. The file-upload feature in Access/DownloadFeed_Mnt/FileUpload_Upd.cfm is susceptible to an unrestricted upload vulnerability via the name1 parameter, when processing remo...Show more An issue was discovered in Echo ShareCare 8.15.5. The file-upload feature in Access/DownloadFeed_Mnt/FileUpload_Upd.cfm is susceptible to an unrestricted upload vulnerability via the name1 parameter, when processing remote input from an authenticated user, leading to the ability for arbitrary files to be written to arbitrary filesystem locations via ../ Directory Traversal on the Z: drive (a hard-coded drive letter where ShareCare application files reside) and remote code execution as the ShareCare service user (NT AUTHORITY\SYSTEM).Show less
CVE-2021-30118 1Kaseya 1Vsa Jun 17, 2026 Jul 9, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab...Show more An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leading to RCE. An attacker can upload files with the privilege of the Web Server process and subsequently use these files to execute asp commands. Detailed description --- Given the following request: ``` POST /SystemTab/uploader.aspx?Filename=shellz.aspx&PathData=C%3A%5CKaseya%5CWebPages%5C&__RequestValidationToken=ac1906a5-d511-47e3-8500-47cc4b0ec219&qqfile=shellz.aspx HTTP/1.1 Host: 192.168.1.194 Cookie: sessionId=92812726; %5F%5FRequestValidationToken=ac1906a5%2Dd511%2D47e3%2D8500%2D47cc4b0ec219 Content-Length: 12 <%@ Page Language="C#" Debug="true" validateRequest="false" %> <%@ Import namespace="System.Web.UI.WebControls" %> <%@ Import namespace="System.Diagnostics" %> <%@ Import namespace="System.IO" %> <%@ Import namespace="System" %> <%@ Import namespace="System.Data" %> <%@ Import namespace="System.Data.SqlClient" %> <%@ Import namespace="System.Security.AccessControl" %> <%@ Import namespace="System.Security.Principal" %> <%@ Import namespace="System.Collections.Generic" %> <%@ Import namespace="System.Collections" %> <script runat="server"> private const string password = "pass"; // The password ( pass ) private const string style = "dark"; // The style ( light / dark ) protected void Page_Load(object sender, EventArgs e) { //this.Remote(password); this.Login(password); this.Style(); this.ServerInfo(); <snip> ``` The attacker can control the name of the file written via the qqfile parameter and the location of the file written via the PathData parameter. Even though the call requires that a sessionId cookie is passed we have determined that the sessionId is not actually validated and any numeric value is accepted as valid. Security issues discovered --- * a sessionId cookie is required by /SystemTab/uploader.aspx, but is not actually validated, allowing an attacker to bypass authentication * /SystemTab/uploader.aspx allows an attacker to create a file with arbitrary content in any place the webserver has write access * The web server process has write access to the webroot where the attacker can execute it by requesting the URL of the newly created file. Impact --- This arbitrary file upload allows an attacker to place files of his own choosing on any location on the hard drive of the server the webserver process has access to, including (but not limited to) the webroot. If the attacker uploads files with code to the webroot (e.g. aspx code) he can then execute this code in the context of the webserver to breach either the integrity, confidentiality, or availability of the system or to steal credentials of other users. In other words, this can lead to a full system compromise.Show less
CVE-2021-28931 1Fork Cms 1Fork Cms Jun 17, 2026 Jul 7, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.
CVE-2021-32538 1Artware Cms Project 1Artware Cms Jun 17, 2026 Jul 7, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrictedly.
CVE-2021-34624 1Properfraction 1Profilepress Jun 17, 2026 Jul 7, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during...Show more A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3. .Show less

Previous 1...161162163...206 Next