Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2020-09-15 CVE-2020-23828 Unrestricted Upload of File with Dangerous Type vulnerability in Online Course Registration Project Online Course Registration 1.0
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters.
network
low complexity
online-course-registration-project CWE-434
critical
9.8
2020-09-15 CVE-2020-4703 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be used to execute arbitrary code on the vulnerable server.
network
low complexity
ibm CWE-434
8.0
2020-09-14 CVE-2020-10228 Unrestricted Upload of File with Dangerous Type vulnerability in Vtenext 19
A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.
network
low complexity
vtenext CWE-434
8.8
2020-09-13 CVE-2020-25287 Unrestricted Upload of File with Dangerous Type vulnerability in Pligg Project Pligg 2.0.3
Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request.
network
low complexity
pligg-project CWE-434
7.2
2020-09-09 CVE-2020-25213 Unrestricted Upload of File with Dangerous Type vulnerability in Webdesi9 File Manager
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension.
network
low complexity
webdesi9 CWE-434
critical
9.8
2020-09-09 CVE-2020-24199 Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds CAR Rental Project 1.0
Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution.
network
low complexity
projectworlds CWE-434
critical
9.8
2020-09-09 CVE-2020-24195 Unrestricted Upload of File with Dangerous Type vulnerability in Online Bike Rental Project Online Bike Rental 1.0
An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows an authenticated administrator to conduct remote code execution.
network
low complexity
online-bike-rental-project CWE-434
critical
9.1
2020-09-09 CVE-2020-6288 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation, leading to an Unrestricted Upload of File with Dangerous Type vulnerability.
network
low complexity
sap CWE-434
5.3
2020-09-04 CVE-2020-24986 Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager.
network
low complexity
concretecms CWE-434
7.2
2020-09-04 CVE-2020-14008 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Applications Manager
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
network
low complexity
zohocorp CWE-434
7.2