Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-17 | CVE-2020-36388 | Unrestricted Upload of File with Dangerous Type vulnerability in Civicrm: In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive. | 8.8 |
2021-06-17 | CVE-2013-20002 | Unrestricted Upload of File with Dangerous Type vulnerability in Themify Framework: Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. | 9.8 |
2021-06-16 | CVE-2021-32243 | Unrestricted Upload of File with Dangerous Type vulnerability in Fogproject 1.5.9: FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). | 8.8 |
2021-06-16 | CVE-2021-34551 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products: PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. | 8.1 |
2021-06-16 | CVE-2020-35760 | Unrestricted Upload of File with Dangerous Type vulnerability in Bloofox Bloofoxcms 0.5.2.1: bloofoxCMS 0.5.2.1 is affected by Unrestricted File Upload that allows attackers to upload malicious files (e.g., PHP files). | 9.8 |
2021-06-15 | CVE-2020-7864 | Unrestricted Upload of File with Dangerous Type vulnerability in Dext5 Editor: Parameter manipulation can bypass authentication to cause file upload and execution. | 9.8 |
2021-06-15 | CVE-2021-34128 | Unrestricted Upload of File with Dangerous Type vulnerability in Laiketui 3.5.0: LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname. | 8.8 |
2021-06-13 | CVE-2021-23394 | Unrestricted Upload of File with Dangerous Type vulnerability in Std42 Elfinder: The package studio-42/elfinder before 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. | 9.8 |
2021-06-11 | CVE-2021-26828 | Unrestricted Upload of File with Dangerous Type vulnerability in Openplcproject Scadabr: OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. | 8.8 |
2021-06-08 | CVE-2021-26473 | Unrestricted Upload of File with Dangerous Type vulnerability in Vembu BDR Suite and Offsite DR: In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the HTTP API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. | 9.8 |