Vulnerabilities > Unrestricted Upload of File with Dangerous Type

| Date | CVE | Vulnerability title | Description | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|
| 2021-04-06 | CVE-2021-28173 | Unrestricted Upload of File with Dangerous Type vulnerability in Deltaflow Project Deltaflow | The file upload function of Vangene deltaFlow E-platform does not perform access control properly. | deltaflow-project | CWE-434 | network, low complexity, critical, 9.8 |
| 2021-04-06 | CVE-2021-30149 | Unrestricted Upload of File with Dangerous Type vulnerability in Ocproducts Composr 10.0.36 | Composr 10.0.36 allows upload and execution of PHP files. | ocproducts | CWE-434 | network, low complexity, critical, 9.8 |
| 2021-04-05 | CVE-2021-24212 | Unrestricted Upload of File with Dangerous Type vulnerability in Woocommerce Help Scout | The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site, which by default will end up in wp-content/uploads/hstmp. | woocommerce | CWE-434 | network, low complexity, critical, 9.8 |
| 2021-04-05 | CVE-2021-24171 | Unrestricted Upload of File with Dangerous Type vulnerability in Vanquish Woocommerce Upload Files | The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. | vanquish | CWE-434 | network, low complexity, critical, 9.8 |
| 2021-04-05 | CVE-2021-24160 | Unrestricted Upload of File with Dangerous Type vulnerability in Expresstech Responsive Menu | In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. | expresstech | CWE-434 | network, low complexity, 8.8 |
| 2021-04-02 | CVE-2020-21585 | Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 6.0.0 | Vulnerability in emlog v6.0.0 allows a user to upload webshells via the zip plugin module. | emlog | CWE-434 | network, low complexity, critical, 9.8 |
| 2021-03-31 | CVE-2021-23001 | Unrestricted Upload of File with Dangerous Type vulnerability in F5 products | On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint. | f5 | CWE-434 | network, low complexity, 4.3 |
| 2021-03-31 | CVE-2020-28173 | Unrestricted Upload of File with Dangerous Type vulnerability in Simple College Project Simple College 1.0 | Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/. | simple-college-project | CWE-434 | network, low complexity, 7.2 |
| 2021-03-30 | CVE-2020-19642 | Unrestricted Upload of File with Dangerous Type vulnerability in Insma Wifi Mini SPY 1080P HD Security IP Camera Firmware 1.9.7B | An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. | insma | CWE-434 | low complexity, 6.2 |
| 2021-03-25 | CVE-2021-26597 | Unrestricted Upload of File with Dangerous Type vulnerability in Nokia Netact 18A | An issue was discovered in Nokia NetAct 18A. | nokia | CWE-434 | network, low complexity, 6.5 |