Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-03-18 | CVE-2021-24123 | Unrestricted Upload of File with Dangerous Type vulnerability in Blubrry Powerpress | The PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from the Podcast Artwork section), allowing high-privilege accounts (admin+) to upload arbitrary files, such as PHP, leading to RCE. | 7.2 |
2021-03-16 | CVE-2021-28294 | Unrestricted Upload of File with Dangerous Type vulnerability in Online Ordering System Project Online Ordering System 1.0 | Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE). | 9.8 |
2021-03-15 | CVE-2021-27817 | Unrestricted Upload of File with Dangerous Type vulnerability in Shopxo 1.9.3 | A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix. | 9.8 |
2021-03-15 | CVE-2021-28379 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products | web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin. | 8.8 |
2021-03-05 | CVE-2020-29032 | Unrestricted Upload of File with Dangerous Type vulnerability in Secomea Gatemanager 8250 Firmware | Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. | 7.2 |
2021-03-05 | CVE-2021-27964 | Unrestricted Upload of File with Dangerous Type vulnerability in Sfcyazilim Sonlogger 4.1.3/4.2.3/5.1.3 | SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. | 9.8 |
2021-02-26 | CVE-2021-27198 | Unrestricted Upload of File with Dangerous Type vulnerability in Visualware Myconnection Server | An issue was discovered in Visualware MyConnection Server before v11.1a. | 9.8 |
2021-02-26 | CVE-2020-36079 | Unrestricted Upload of File with Dangerous Type vulnerability in Zenphoto | Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. | 7.2 |
2021-02-24 | CVE-2021-20659 | Unrestricted Upload of File with Dangerous Type vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.0/6.00 | SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. | 8.8 |
2021-02-23 | CVE-2020-7847 | Unrestricted Upload of File with Dangerous Type vulnerability in Iptime products | The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. | 8.0 |