Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-09-14 | CVE-2021-36581 | Unrestricted Upload of File with Dangerous Type vulnerability in Kooboo CMS 2.1.1.0 | Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. | 9.8 |
2021-09-14 | CVE-2021-36582 | Unrestricted Upload of File with Dangerous Type vulnerability in Kooboo CMS 2.1.1.0 | In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. | 9.8 |
2021-09-13 | CVE-2020-20670 | Unrestricted Upload of File with Dangerous Type vulnerability in Zkea Zkeacms 3.2.0 | An arbitrary file upload vulnerability in /admin/media/upload of ZKEACMS V3.2.0 allows attackers to execute arbitrary code via a crafted HTML file. | 8.8 |
2021-09-13 | CVE-2020-20672 | Unrestricted Upload of File with Dangerous Type vulnerability in Kitesky Kitecms 1.1 | An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file. | 7.8 |
2021-09-13 | CVE-2021-24620 | Unrestricted Upload of File with Dangerous Type vulnerability in Simple-E-Commerce-Shopping-Cart Project Simple-E-Commerce-Shopping-Cart | The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP, to be uploaded by an administrator. | 8.8 |
2021-09-09 | CVE-2020-19267 | Unrestricted Upload of File with Dangerous Type vulnerability in Dswjcms Project Dswjcms 1.6.4 | An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.8 |
2021-09-08 | CVE-2020-19138 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms | Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allows remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java". | 9.8 |
2021-09-08 | CVE-2021-36440 | Unrestricted Upload of File with Dangerous Type vulnerability in Showdoc 2.9.5 | Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component 'AdminUpdateController.class.php'. | 9.8 |
2021-09-07 | CVE-2021-38841 | Unrestricted Upload of File with Dangerous Type vulnerability in Simple Water Refilling Station Management System Project Simple Water Refilling Station Management System 1.0 | Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action. | 8.8 |
2021-09-06 | CVE-2021-40531 | Unrestricted Upload of File with Dangerous Type vulnerability in Sketch | Sketch before 75 allows library feeds to be used to bypass file quarantine. | 9.8 |