Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-17 | CVE-2020-28688 | Unrestricted Upload of File with Dangerous Type vulnerability in Artworks Gallery in PHP, Css, Javascript, and Mysql Project Artworks Gallery in PHP, Css, Javascript, and Mysql 1.0 The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. | 8.8 |
2020-11-17 | CVE-2020-28687 | Unrestricted Upload of File with Dangerous Type vulnerability in Artworks Gallery in PHP, Css, Javascript, and Mysql Project Artworks Gallery in PHP, Css, Javascript, and Mysql 1.0 The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. | 8.8 |
2020-11-16 | CVE-2020-28693 | Unrestricted Upload of File with Dangerous Type vulnerability in Horizontcms Project Horizontcms 1.0.0 An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name> | 8.8 |
2020-11-16 | CVE-2020-28692 | Unrestricted Upload of File with Dangerous Type vulnerability in Gilacms Gila CMS 1.16.0 In Gila CMS 1.16.0, an attacker can upload a shell to the tmp directory and abuse .htaccess through the logs function for executing PHP files. | 7.2 |
2020-11-12 | CVE-2020-13774 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Endpoint Manager 2019.1/2020.1 An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. | 9.9 |
2020-11-12 | CVE-2020-27386 | Unrestricted Upload of File with Dangerous Type vulnerability in Flexdotnetcms Project Flexdotnetcms An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>. | 8.8 |
2020-11-12 | CVE-2020-26804 | Unrestricted Upload of File with Dangerous Type vulnerability in Sapplica Sentrifugo 3.2 In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. | 8.8 |
2020-11-12 | CVE-2020-26803 | Unrestricted Upload of File with Dangerous Type vulnerability in Sapplica Sentrifugo 3.2 In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. | 8.8 |
2020-11-10 | CVE-2020-26820 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. | 7.2 |
2020-11-09 | CVE-2020-23138 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.18 An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. | 9.8 |