Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE | CVE | VULNERABILITY TITLE | RISK

2021-04-02 | CVE-2020-21585 | Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 6.0.0
Vulnerability in emlog v6.0.0 allows a user to upload webshells via the zip plugin module.
network, low complexity; emlog; CWE-434; risk: critical 9.8

2021-03-31 | CVE-2021-23001 | Unrestricted Upload of File with Dangerous Type vulnerability in F5 products
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint.
network, low complexity; f5; CWE-434; risk: 4.3

2021-03-31 | CVE-2020-28173 | Unrestricted Upload of File with Dangerous Type vulnerability in Simple College Project Simple College 1.0
Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/.
network, low complexity; simple-college-project; CWE-434; risk: 7.2

2021-03-30 | CVE-2020-19642 | Unrestricted Upload of File with Dangerous Type vulnerability in Insma Wifi Mini SPY 1080P HD Security IP Camera Firmware 1.9.7B
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B.
low complexity; insma; CWE-434; risk: 6.2

2021-03-25 | CVE-2021-26597 | Unrestricted Upload of File with Dangerous Type vulnerability in Nokia Netact 18A
An issue was discovered in Nokia NetAct 18A.
network, low complexity; nokia; CWE-434; risk: 6.5

2021-03-18 | CVE-2021-24123 | Unrestricted Upload of File with Dangerous Type vulnerability in Blubrry Powerpress
The PowerPress WordPress plugin, in versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from the Podcast Artwork section), allowing high-privilege accounts (admin+) to upload arbitrary files, such as PHP, leading to RCE.
network, low complexity; blubrry; CWE-434; risk: 7.2

2021-03-16 | CVE-2021-28294 | Unrestricted Upload of File with Dangerous Type vulnerability in Online Ordering System Project Online Ordering System 1.0
Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE).
network, low complexity; online-ordering-system-project; CWE-434; risk: critical 9.8

2021-03-15 | CVE-2021-27817 | Unrestricted Upload of File with Dangerous Type vulnerability in Shopxo 1.9.3
A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix.
network, low complexity; shopxo; CWE-434; risk: critical 9.8

2021-03-15 | CVE-2021-28379 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.
network, low complexity; myvestacp, vestacp; CWE-434; risk: 8.8

2021-03-05 | CVE-2020-29032 | Unrestricted Upload of File with Dangerous Type vulnerability in Secomea Gatemanager 8250 Firmware
Upload of Code Without Integrity Check vulnerability in the firmware archive of Secomea GateManager allows an authenticated attacker to execute malicious code on the server.
network, low complexity; secomea; CWE-434; risk: 7.2