Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-15866 1Crelly Slider Project 1Crelly Slider Jun 17, 2026 Sep 3, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.
CVE-2017-18592 1Wc Marketplace 1Wc Catalog Enquiry Nov 21, 2024 Aug 27, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads.
CVE-2019-15649 1Elearningfreak 1Insert Or Embed Articulate Content Jun 17, 2026 Aug 27, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload.
CVE-2019-15524 1Cszcms 1Csz Cms Jun 17, 2026 Aug 26, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI.
CVE-2015-9340 1Iptanus 1Wordpress File Upload Nov 21, 2024 Aug 22, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.
CVE-2015-9339 1Iptanus 1Wordpress File Upload Nov 21, 2024 Aug 22, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.
CVE-2015-9338 1Iptanus 1Wordpress File Upload Nov 21, 2024 Aug 22, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.
CVE-2015-9341 1Iptanus 1Wordpress File Upload Nov 21, 2024 Aug 22, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.
CVE-2019-11031 1Mirasys 1Mirasys Vms Jun 17, 2026 Aug 22, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM...Show more Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges.Show less
CVE-2018-18572 1Oscommerce 1Oscommerce Nov 21, 2024 Aug 22, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the ap...Show more osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.Show less
CVE-2019-15091 1Artica 1Integria Ims Jun 17, 2026 Aug 16, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.
CVE-2019-14755 1Leaftecnologia 1Leaf Admin Jun 17, 2026 Aug 15, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows Unrestricted Upload of a File with a Dangerous Type.
CVE-2019-5395 1Hp 13par Service Processor Firmware Jun 17, 2026 Aug 9, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
CVE-2019-14748 1Osticket 1Osticket Jun 17, 2026 Aug 7, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) miti...Show more An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment.Show less
CVE-2019-7930 1Magento 1Magento Jun 17, 2026 Aug 2, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modificat...Show more A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially unauthorized removal of file upload restrictions. This can result in arbitrary code execution when a malicious file is then uploaded and executed on the system.Show less
CVE-2019-7912 1Magento 1Magento Jun 17, 2026 Aug 2, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys t...Show more A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in the malicious upload and execution of malicious files on the server.Show less
CVE-2019-7861 1Magento 1Magento Jun 17, 2026 Aug 2, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
CVE-2017-18435 1Cpanel 1Cpanel Nov 21, 2024 Aug 2, 2019 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238).
CVE-2018-20926 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380).
CVE-2018-20925 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379).

Previous 1...184185186...206 Next