Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-18 | CVE-2024-3242 | Unrestricted Upload of File with Dangerous Type vulnerability in Brizy Brizy-Page Builder The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. | 8.8 |
2024-07-17 | CVE-2024-27311 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine DDI Central Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder. | 8.8 |
2024-07-17 | CVE-2024-6220 | Unrestricted Upload of File with Dangerous Type vulnerability in Keydatas The ????? (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions up to, and including, 2.5.2. | 9.8 |
2024-07-17 | CVE-2024-6595 | Unrestricted Upload of File with Dangerous Type vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data. | 5.3 |
2024-07-17 | CVE-2024-6801 | Unrestricted Upload of File with Dangerous Type vulnerability in Online Student Management System Project Online Student Management System 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester Online Student Management System 1.0. | 9.8 |
2024-07-15 | CVE-2024-5630 | Unrestricted Upload of File with Dangerous Type vulnerability in Elearningfreak Insert or Embed Articulate Content The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. | 8.8 |
2024-07-12 | CVE-2024-40545 | Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | 8.8 |
2024-07-12 | CVE-2024-40546 | Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | 8.8 |
2024-07-12 | CVE-2024-40548 | Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | 8.8 |
2024-07-12 | CVE-2024-40549 | Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | 8.8 |