Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2020-04-22 CVE-2020-7055 Unrestricted Upload of File with Dangerous Type vulnerability in Elementor Page Builder
An issue was discovered in Elementor 2.7.4.
network
low complexity
elementor CWE-434
critical
 9.9
9.9
2020-04-22 CVE-2020-11011 Unrestricted Upload of File with Dangerous Type vulnerability in PHProject
In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code.
network
low complexity
phproject CWE-434
8.8
8.8
2020-04-21 CVE-2020-10569 Unrestricted Upload of File with Dangerous Type vulnerability in Sysaid On-Premise 20.1.11
SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack.
network
low complexity
sysaid CWE-434
critical
 9.8
9.8
2020-04-16 CVE-2020-11815 Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.5.2
In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value.
network
low complexity
rukovoditel CWE-434
critical
 9.8
9.8
2020-04-16 CVE-2020-11811 Unrestricted Upload of File with Dangerous Type vulnerability in Qdpm 9.1
In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value.
network
low complexity
qdpm CWE-434
critical
 9.8
9.8
2020-04-15 CVE-2020-9280 Unrestricted Upload of File with Dangerous Type vulnerability in Silverstripe
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead.
network
low complexity
silverstripe CWE-434
7.5
7.5
2020-04-15 CVE-2020-0974 Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-434
8.8
8.8
2020-04-15 CVE-2020-0971 Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-434
8.8
8.8
2020-04-15 CVE-2020-0932 Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-434
8.8
8.8
2020-04-15 CVE-2020-0931 Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-434
8.8
8.8