Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2020-11-16 CVE-2020-28693 Unrestricted Upload of File with Dangerous Type vulnerability in Horizontcms Project Horizontcms 1.0.0
An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code in a zip file by uploading a theme, and then execute the PHP file via an HTTP GET request to /themes/<php_file_name>.
network
low complexity
horizontcms-project CWE-434
8.8
2020-11-16 CVE-2020-28692 Unrestricted Upload of File with Dangerous Type vulnerability in Gilacms Gila CMS 1.16.0
In Gila CMS 1.16.0, an attacker can upload a shell to the tmp directory and abuse .htaccess through the logs function to execute PHP files.
network
low complexity
gilacms CWE-434
7.2
2020-11-12 CVE-2020-13774 Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Endpoint Manager 2019.1/2020.1
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file.
network
low complexity
ivanti CWE-434
critical
9.9
2020-11-12 CVE-2020-27386 Unrestricted Upload of File with Dangerous Type vulnerability in Flexdotnetcms Project Flexdotnetcms
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>.
network
low complexity
flexdotnetcms-project CWE-434
8.8
2020-11-12 CVE-2020-26804 Unrestricted Upload of File with Dangerous Type vulnerability in Sapplica Sentrifugo 3.2
In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab.
network
low complexity
sapplica CWE-434
8.8
2020-11-12 CVE-2020-26803 Unrestricted Upload of File with Dangerous Type vulnerability in Sapplica Sentrifugo 3.2
In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab.
network
low complexity
sapplica CWE-434
8.8
2020-11-10 CVE-2020-26820 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS JAVA, versions 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console to expose unauthenticated access to the file system and upload a malicious file.
network
low complexity
sap CWE-434
7.2
2020-11-09 CVE-2020-23138 Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.18
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page.
network
low complexity
microweber CWE-434
critical
9.8
2020-11-06 CVE-2020-28328 Unrestricted Upload of File with Dangerous Type vulnerability in Salesagility Suitecrm
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting.
network
low complexity
salesagility CWE-434
8.8
2020-11-05 CVE-2020-27387 Unrestricted Upload of File with Dangerous Type vulnerability in Horizontcms Project Horizontcms 1.0.0
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>.
network
low complexity
horizontcms-project CWE-434
8.8