Vulnerabilities > Unrestricted Upload of File with Dangerous Type

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | ATTACK VECTOR | COMPLEXITY | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-06-15 | CVE-2020-7864 | Unrestricted Upload of File with Dangerous Type vulnerability in Dext5 Editor | Parameter manipulation can bypass authentication to cause file upload and execution. | dext5 | CWE-434 | network | low | critical 9.8 |
| 2021-06-15 | CVE-2021-34128 | Unrestricted Upload of File with Dangerous Type vulnerability in Laiketui 3.5.0 | LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname. | laiketui | CWE-434 | network | low | 8.8 |
| 2021-06-13 | CVE-2021-23394 | Unrestricted Upload of File with Dangerous Type vulnerability in Std42 Elfinder | The package studio-42/elfinder before 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. | std42 | CWE-434 | network | low | critical 9.8 |
| 2021-06-11 | CVE-2021-26828 | Unrestricted Upload of File with Dangerous Type vulnerability in Openplcproject Scadabr | OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. | openplcproject | CWE-434 | network | low | 8.8 |
| 2021-06-08 | CVE-2021-26473 | Unrestricted Upload of File with Dangerous Type vulnerability in Vembu BDR Suite and Offsite DR | In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the HTTP API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. | vembu | CWE-434 | network | low | critical 9.8 |
| 2021-06-07 | CVE-2021-3277 | Unrestricted Upload of File with Dangerous Type vulnerability in Nagios XI | Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in the custom-includes component, which leads to remote code execution by uploading PHP files. | nagios | CWE-434 | network | low | 7.2 |
| 2021-06-04 | CVE-2020-36141 | Unrestricted Upload of File with Dangerous Type vulnerability in Bloofox Bloofoxcms 0.5.2.1 | BloofoxCMS 0.5.2.1 allows unrestricted file upload by bypassing MIME type validation through inserting 'image/jpeg' within the 'Content-Type' header. | bloofox | CWE-434 | network | low | 8.8 |
| 2021-06-03 | CVE-2021-32661 | Unrestricted Upload of File with Dangerous Type vulnerability in Linuxfoundation @Backstage/Plugin-Techdocs | Backstage is an open platform for building developer portals. | linuxfoundation | CWE-434 | network | low | 7.3 |
| 2021-06-03 | CVE-2021-32660 | Unrestricted Upload of File with Dangerous Type vulnerability in Linuxfoundation @Backstage/Techdocs-Common | Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. | linuxfoundation | CWE-434 | network | low | 8.1 |
| 2021-06-03 | CVE-2020-21005 | Unrestricted Upload of File with Dangerous Type vulnerability in Wellcms 2.0 | WellCMS 2.0 beta3 is vulnerable to File Upload. | wellcms | CWE-434 | network | low | 6.5 |