Show CWE-434: Unrestricted Upload of File with Dangerous Type

	Topic	Date	Author
Med.	Designed By Sevy INC. - SQL Injection Vulnerability, Unrestricted File Upload Vulnerability and Default Admin Credentials	06.07.2022	MR.$UD0
High	WordPress Catch Themes Demo Import 1.6.1 Shell Upload	11.12.2021	Ron Jost
High	WordPress SP Project And Document Manager 4.21 Shell Upload	08.07.2021	Ron Jost
High	WordPress Modern Events Calendar 5.16.2 Shell Upload	02.07.2021	Ron Jost
High	OpenEMR 5.0.1.3 Shell Upload	14.06.2021	Ron Jost
High	VisualWare MyConnection Server 11.x Remote Code Execution	28.02.2021	Ryan Wincey
High	Moodle 3.8 Arbitary File Upload	30.11.2020	Sirwan Veisi
High	XUpload Remote File Upload Vulnerability	04.11.2020	h4shur
High	Typesetter CMS 5.1 Remote Code Execution	07.10.2020	Rodolfo Tavares
High	ckeditor-elfinder Remote File Upload Vulnerability	21.09.2020	h4shur
High	Golo - Business Listing, City Travel Guide Laravel Theme v1.1.5 - Arbitrary File Upload	13.07.2020	Vlad Vector
High	filemanager File Upload vulnerability	03.05.2020	h4shur
High	LifeRay CMS (Fckeditor) Arbitrary File Upload Vulnerability	10.04.2020	h4shur
High	NewsOne CMS – News, Magazine & Blog Script v1.1.0 Arbitrary File Upload	19.01.2020	m0ze
Med.	EwebTonic Services Pvt Ltd Software Authentication Bypass Backdoor Access Vulnerability	17.09.2019	KingSkrupellos
Med.	Giribala Creative Ventures Fluent Technology Software Authentication Bypass Backdoor Access Vulnerability	15.09.2019	KingSkrupellos
High	BKS EBK Ethernet-Buskoppler Pro Shell Upload	05.07.2019	Sebastian Auwaerter
High	Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution	28.04.2019	Cisco Talos
Med.	WordPress Ultimate-Member Plugins 2.0.38 CSRF Backdoor Access	04.02.2019	KingSkrupellos
Med.	WordPress MM-Forms-Community Plugins 2.2.7 Backdoor Access and SQL Injection Vulnerability	27.01.2019	KingSkrupellos
Med.	WordPress pitajte-strucnjaka Plugins 4.9.6 Backdoor Access Vulnerability	27.01.2019	KingSkrupellos
Med.	WordPress category-page-icons Plugins 3.6.1 CSRF Backdoor Access Vulnerability	18.01.2019	KingSkrupellos
High	Joomla Codextrous Com_B2jcontact Components 2.1.17 Shell Upload Vulnerability	09.01.2019	KingSkrupellos
Med.	Design & Developed by SoftBd Ltd. Bangladesh Education Portals Multiple Vulnerabilities	04.09.2018	KingSkrupellos
Med.	ShopNx - Angular5 Single Page Shopping Cart Application 1 - Arbitrary File Upload	18.06.2018	L0RD
Med.	Gardenoma Remote File Upload Vulnerability	11.06.2018	Mr.T959
Med.	WordPress Theme Sydney by aThemes 2018 GravityForms Input Remote File Upload Vulnerability	08.06.2018	KingSkrupellos
Med.	LifeRay (Fckeditor) Arbitrary File Upload Vulnerability	06.05.2018	Mostafa Gharzi
High	phpCollab 2.5.1 Arbitrary File Upload	03.10.2017	Sysdream
High	PhpCollab 2.5.1 Shell Upload	30.09.2017	SYSDREAM
High	Nuxeo Platform 6.x / 7.x Shell Upload	24.03.2017	SYSDREAM Labs
High	Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root	18.02.2017	Matt Bergin (@thatguyl...
Med.	Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write	18.02.2017	Matt Bergin
High	Cisco Firepower Threat Management Command Execution	06.10.2016	Matt Bergin
High	WordPress Daily Edition 1.6.2 File Upload	10.03.2015	Wang Jing
High	Intrexx Professional 6.0 / 5.2 Remote Code Execution	16.12.2014	Christian Schneider
High	HelpDEZk 1.0.1 Unrestricted File Upload	06.11.2014	High-Tech Bridge Secur...
High	WordPress E-Commerce 3.8.9.5 File Upload / XSS / CSRF / Code Execution	24.01.2014	KedAns-Dz
High	DMXReady Registration Manager Arbitrary File Upload Vulnerability	30.06.2009	Securitylab

CVEMAP Search Results

CVE

Details

Description

2023-03-23

	CVE-2023-25655	Updating...	baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch.
	CVE-2023-25654	Updating...	baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch.

2023-03-22

CVE-2023-1558	Updating...	A vulnerability classified as critical has been found in Simple and Beautiful Shopping Cart System 1.0. This affects an unknown part of the file uploadera.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223551.
CVE-2023-1561	Updating...	A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Affected is an unknown function of the file add_room.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-223554 is the identifier assigned to this vulnerability.
CVE-2023-1559	Updating...	A vulnerability classified as problematic was found in SourceCodester Storage Unit Rental Management System 1.0. This vulnerability affects unknown code of the file classes/Users.php?f=save. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223552.

2023-03-19

	CVE-2023-1497	Updating...	A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. It has been rated as critical. This issue affects some unknown processing of the file uploaderm.php. The manipulation of the argument submit leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223397 was assigned to this vulnerability.
	CVE-2023-1501	Updating...	A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223401 was assigned to this vulnerability.

2023-03-18

	CVE-2023-1479	Updating...	A vulnerability classified as critical has been found in SourceCodester Simple Music Player 1.0. Affected is an unknown function of the file save_music.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223362 is the identifier assigned to this vulnerability.
	CVE-2023-1484	Updating...	A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. This issue affects some unknown processing of the file /api/upload. The manipulation of the argument uploadFile leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-223367.

2023-03-17

CVE-2023-1442

Updating...

A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /admin_system/api.php of the component Update Handler. The manipulation of the argument downurl leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223287.

06.07.2022

11.12.2021

08.07.2021

02.07.2021

14.06.2021

28.02.2021

30.11.2020

04.11.2020

07.10.2020

21.09.2020

13.07.2020

03.05.2020

10.04.2020

19.01.2020

17.09.2019

15.09.2019

05.07.2019

28.04.2019

04.02.2019

27.01.2019

27.01.2019

18.01.2019

09.01.2019

04.09.2018

18.06.2018

11.06.2018

08.06.2018

06.05.2018

03.10.2017

30.09.2017

24.03.2017

18.02.2017

18.02.2017

06.10.2016

10.03.2015

16.12.2014

06.11.2014

24.01.2014

30.06.2009