Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-04 | CVE-2020-24986 | Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. | 7.2 |
| 2020-09-04 | CVE-2020-14008 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution. | 7.2 |
| 2020-09-03 | CVE-2020-25042 | Unrestricted Upload of File with Dangerous Type vulnerability in Maracms 7.5 An arbitrary file upload issue exists in Mara CMS 7.5. | 7.2 |
| 2020-09-03 | CVE-2020-24948 | Unrestricted Upload of File with Dangerous Type vulnerability in Autoptimize The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution. | 7.2 |
| 2020-09-02 | CVE-2020-14209 | Unrestricted Upload of File with Dangerous Type vulnerability in Dolibarr Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. | 8.8 |
| 2020-09-01 | CVE-2020-23829 | Unrestricted Upload of File with Dangerous Type vulnerability in Librehealth EHR 2.0.0 interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image. | 8.8 |
| 2020-08-27 | CVE-2020-24202 | Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds House Rental and Property Listing Project 1.0 File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution. | 9.8 |
| 2020-08-27 | CVE-2020-24196 | Unrestricted Upload of File with Dangerous Type vulnerability in Online Bike Rental Project Online Bike Rental 1.0 An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution. | 7.2 |
| 2020-08-27 | CVE-2020-23972 | Unrestricted Upload of File with Dangerous Type vulnerability in Gmapfp J3.5 In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions. | 7.5 |
| 2020-08-24 | CVE-2020-24186 | Unrestricted Upload of File with Dangerous Type vulnerability in Gvectors Wpdiscuz A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action. | 10.0 |