Vulnerabilities > Unrestricted Upload of File with Dangerous Type

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-01 | CVE-2020-35949 | Unrestricted Upload of File with Dangerous Type vulnerability in Expresstech Quiz and Survey Master. An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. | network, low complexity, expresstech, CWE-434, critical 9.8 |
| 2021-01-01 | CVE-2020-35945 | Unrestricted Upload of File with Dangerous Type vulnerability in Elegant Themes Divi, Divi Builder and Divi Extra. An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. | network, low complexity, elegant-themes, CWE-434, 8.8 |
| 2020-12-30 | CVE-2020-35797 | Unrestricted Upload of File with Dangerous Type vulnerability in Netgear Nms300 Firmware. NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker. | network, low complexity, netgear, CWE-434, critical 9.8 |
| 2020-12-28 | CVE-2020-35627 | Unrestricted Upload of File with Dangerous Type vulnerability in Woocommerce Gift Cards 3.0.2. Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. | network, low complexity, woocommerce, CWE-434, 8.8 |
| 2020-12-23 | CVE-2020-27397 | Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds Online Matrimonial Project 1.0. Marital - Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the Hosting web server via uploading a maliciously crafted PHP file. | network, low complexity, projectworlds, CWE-434, 8.8 |
| 2020-12-23 | CVE-2020-35657 | Unrestricted Upload of File with Dangerous Type vulnerability in Jaws Project Jaws 1.8.0. Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS commands. | network, low complexity, jaws-project, CWE-434, 7.2 |
| 2020-12-23 | CVE-2020-35656 | Unrestricted Upload of File with Dangerous Type vulnerability in Jaws Project Jaws 1.8.0. Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and admin.php?reqGadget=FileBrowser&reqAction=Files to upload a .php file. | network, low complexity, jaws-project, CWE-434, 7.2 |
| 2020-12-21 | CVE-2020-29447 | Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian Crucible. Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. | network, low complexity, atlassian, CWE-434, 4.3 |
| 2020-12-18 | CVE-2020-26174 | Unrestricted Upload of File with Dangerous Type vulnerability in Tangro Business Workflow 1.17.5. tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. | network, low complexity, tangro, CWE-434, 8.8 |
| 2020-12-17 | CVE-2020-35489 | Unrestricted Upload of File with Dangerous Type vulnerability in Rocklobster Contact Form 7. The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. | network, low complexity, rocklobster, CWE-434, critical 10.0 |