CWE-434

4,107 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.


CVEs (4,107)

Vendors / Products | Updated | Published | CVSS v4 | CVSS v3 | CVSS v2
(the NVD description follows each row)

Umbraco / Umbraco Cms | Jun 17, 2026 | Mar 16, 2020 | N/A | 6.5 MEDIUM | 4.0 MEDIUM
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.

Umbraco / Umbraco Cms | Jun 17, 2026 | Mar 16, 2020 | N/A | 8.8 HIGH | 6.5 MEDIUM
Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.

Artica / Pandora Fms | Jun 17, 2026 | Mar 16, 2020 | N/A | 7.2 HIGH | 6.5 MEDIUM
index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020.

Atutor / Acontent | Jun 17, 2026 | Mar 16, 2020 | N/A | 8.8 HIGH | 6.5 MEDIUM
An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions.

Devome / Grr | Jun 17, 2026 | Mar 13, 2020 | N/A | 7.2 HIGH | 6.5 MEDIUM
An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.php mishandles file uploads.

Chadhaajay / Phpkb | Jun 17, 2026 | Mar 12, 2020 | N/A | 7.2 HIGH | 6.5 MEDIUM
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.

Lexmark / Markvision Enterprise | Nov 21, 2024 | Mar 9, 2020 | N/A | 9.8 CRITICAL | 7.5 HIGH
Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files.

Joobi / Jnews | Nov 21, 2024 | Mar 9, 2020 | N/A | 8.8 HIGH | 6.5 MEDIUM
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.

Widgetfactorylimited / Jce | Nov 21, 2024 | Mar 9, 2020 | N/A | 8.8 HIGH | 6.5 MEDIUM
JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script.

Bookstackapp / Bookstack | Jun 17, 2026 | Mar 9, 2020 | N/A | 8.8 HIGH | 9.0 HIGH
BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability.

Phpgurukul / Job Portal | Jun 17, 2026 | Mar 8, 2020 | N/A | 9.8 CRITICAL | 7.5 HIGH
An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.

Phpgurukul / Online Book Store | Jun 17, 2026 | Mar 8, 2020 | N/A | 9.8 CRITICAL | 7.5 HIGH
An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.

Whmcssmarters / Web Tv Player | Jun 17, 2026 | Mar 5, 2020 | N/A | 9.8 CRITICAL | 7.5 HIGH
IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script.

Fleetco / Fleet Maintenance Management | Nov 21, 2024 | Mar 2, 2020 | N/A | 8.8 HIGH | 6.5 MEDIUM
Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier allows uploading an arbitrary ".php" file with the application/x-php Content-Type to the accidents_add.php?submit=1 URI, as demonstrated by the value_Images_1 field, which leads to remote command execution on the remote server. Any authenticated user can exploit this.

Artica / Pandora Fms | Jun 17, 2026 | Mar 2, 2020 | N/A | 7.2 HIGH | 6.5 MEDIUM
In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality.

Jaba / Jaba Xpress | Nov 21, 2024 | Mar 2, 2020 | N/A | 8.8 HIGH | 6.5 MEDIUM
An issue was discovered in JABA XPress Online Shop through 2018-09-14. It contains an arbitrary file upload vulnerability in the picture-upload feature of ProductEdit.aspx. An authenticated attacker may bypass the frontend filename validation and upload an arbitrary file via FileUploader.aspx.cs in FileUploader.aspx by using empty w and h parameters. This file may contain arbitrary aspx code that may be executed by accessing /Jec/ProductImages/<number>/<filename>. Accessing the file once uploaded does not require authentication.

Kunena / Kunena | Nov 21, 2024 | Feb 25, 2020 | N/A | 9.8 CRITICAL | 7.5 HIGH
Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution.

Dnnsoftware / Dotnetnuke | Jun 17, 2026 | Feb 24, 2020 | N/A | 6.5 MEDIUM | 4.0 MEDIUM
DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions.

Avira / 8 products: Anti Malware Sdk, Antivirus Server, Avira Antivirus For Endpoint, and 5 more | Jun 17, 2026 | Feb 20, 2020 | N/A | 5.5 MEDIUM | 4.3 MEDIUM
Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. NOTE: Vendor asserts that vulnerability does not exist in product.

Canonical, Debian, O Dyn / Collabtive, Debian Linux, Ubuntu Linux | Nov 21, 2024 | Feb 17, 2020 | N/A | 8.8 HIGH | 6.5 MEDIUM
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
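Several entries above (Collabtive, AContent, JNews, Fleetco, Kunena) share one root cause: the upload check was a denylist of extensions, or trusted the client-supplied Content-Type, so .php3/.php5/.php7/.phtml or a mislabelled .php got through. The following is an added example, not code from any of the listed products, showing the vulnerable check beside a hardened one in Python: an allowlist of image extensions (the set Kunena 5.0.4 restricted avatars to), a magic-byte check that ignores the declared Content-Type, and a server-generated stored name so the user's basename never reaches disk. The function names, the allowed-type set and the sample payloads are assumptions made for the illustration.

```python
import os
import secrets
from typing import Optional, Tuple

# Denylist of the shape the listed CVEs defeated: it blocks only ".php",
# so ".php3", ".php5", ".php7" and ".phtml" all pass (assumed for illustration).
NAIVE_DENYLIST = {".php"}

# Allowlist for an avatar/image upload; assumed here, matching the
# gif/jpeg/jpg/png set named in the Kunena entry.
ALLOWED_EXTENSIONS = {".gif", ".jpeg", ".jpg", ".png"}

# Leading bytes each allowed type must start with. The client-supplied
# Content-Type is never consulted, because the client controls it.
MAGIC_BYTES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}


def naive_denylist_accepts(filename: str) -> bool:
    """The vulnerable check: accept anything whose final extension is not '.php'."""
    return os.path.splitext(filename)[1].lower() not in NAIVE_DENYLIST


def validate_upload(filename: str, content: bytes,
                    declared_type: str) -> Tuple[bool, str, Optional[str]]:
    """Hardened check. Returns (accepted, reason, server_generated_name).

    declared_type is taken as a parameter only to make the point that it is
    ignored: the Fleetco entry shows an application that trusted it.
    """
    # Refuse NUL bytes and path separators outright instead of sanitising them;
    # the original name is discarded below anyway.
    if "\x00" in filename or "/" in filename or "\\" in filename:
        return False, "filename contains path or NUL characters", None

    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension %r not in allowlist" % ext, None

    # bytes.startswith accepts a tuple of candidate prefixes.
    if not content.startswith(MAGIC_BYTES[ext]):
        return False, "content does not start like a %s file" % ext, None

    # The stored name is generated server-side; a double extension such as
    # "x.php.png" or a traversal attempt in the basename has no effect on it.
    stored = secrets.token_hex(16) + ext
    return True, "ok", stored


if __name__ == "__main__":
    # Constructed sample uploads: the bypass extensions named on this page,
    # a PHP body mislabelled as an image, and a genuine PNG header.
    php_body = b"<?php system($_GET['c']); ?>"
    png_body = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    for name, body, ctype in [
        ("shell.php", php_body, "application/x-php"),
        ("shell.php5", php_body, "image/png"),
        ("shell.phtml", php_body, "image/png"),
        ("avatar.png", php_body, "image/png"),
        ("avatar.png", png_body, "image/png"),
        ("x.php.png", png_body, "image/png"),
    ]:
        print("%-12s denylist=%-5s allowlist=%s" % (
            name, naive_denylist_accepts(name), validate_upload(name, body, ctype)[:2]))
```

Two caveats a practitioner will want. A magic-byte check does not stop a polyglot (a valid PNG header followed by PHP), so the upload directory must not be mapped to a script handler and should be served with X-Content-Type-Options: nosniff; the extension allowlist plus generated name is what keeps the handler from ever seeing a .php5 or .phtml. And for an administrative "install package" or "extension" feature like the Umbraco and Pandora FMS entries, which by design accepts executable code, the control is authorization and code signing, not extension filtering.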