Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-18 | CVE-2020-25733 | Unrestricted Upload of File with Dangerous Type vulnerability in Webtareas Project Webtareas 2.0/2.1: webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. | 7.5 |
2020-09-17 | CVE-2020-13260 | Unrestricted Upload of File with Dangerous Type vulnerability in RAD Secflow-1V Firmware Osimagesf02902.3.01.26: A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. | 6.1 |
2020-09-15 | CVE-2020-23828 | Unrestricted Upload of File with Dangerous Type vulnerability in Online Course Registration Project Online Course Registration 1.0: A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. | 9.8 |
2020-09-15 | CVE-2020-4703 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Spectrum Protect Plus: IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be used to execute arbitrary code on the vulnerable server. | 8.0 |
2020-09-14 | CVE-2020-10228 | Unrestricted Upload of File with Dangerous Type vulnerability in Vtenext 19: A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution. | 8.8 |
2020-09-13 | CVE-2020-25287 | Unrestricted Upload of File with Dangerous Type vulnerability in Pligg Project Pligg 2.0.3: Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request. | 7.2 |
2020-09-09 | CVE-2020-25213 | Unrestricted Upload of File with Dangerous Type vulnerability in Webdesi9 File Manager: The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. | 9.8 |
2020-09-09 | CVE-2020-24199 | Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds CAR Rental Project 1.0: Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. | 9.8 |
2020-09-09 | CVE-2020-24195 | Unrestricted Upload of File with Dangerous Type vulnerability in Online Bike Rental Project Online Bike Rental 1.0: An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows an authenticated administrator to conduct remote code execution. | 9.1 |
2020-09-09 | CVE-2020-6288 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2: SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation, leading to an unrestricted upload of file with dangerous type vulnerability. | 5.3 |