Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-27 | CVE-2020-23972 | Unrestricted Upload of File with Dangerous Type vulnerability in Gmapfp J3.5 In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions. | 7.5 |
| 2020-08-24 | CVE-2020-24186 | Unrestricted Upload of File with Dangerous Type vulnerability in Gvectors Wpdiscuz A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action. | 10.0 |
| 2020-08-14 | CVE-2020-22722 | Unrestricted Upload of File with Dangerous Type vulnerability in Rapidscada Rapid Scada 5.8.0 Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. | 7.8 |
| 2020-08-14 | CVE-2020-22721 | Unrestricted Upload of File with Dangerous Type vulnerability in Pnotes.Net Project Pnotes.Net 3.8.1.2 A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous " External Programs by uploading the malicious .exe file to the external program. | 7.8 |
| 2020-08-14 | CVE-2020-17462 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798. | 7.8 |
| 2020-08-13 | CVE-2020-7302 | Unrestricted Upload of File with Dangerous Type vulnerability in Mcafee Data Loss Prevention Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking. | 6.4 |
| 2020-08-12 | CVE-2020-6293 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Knowledge Management SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload. | 6.5 |
| 2020-08-10 | CVE-2020-15649 | Unrestricted Upload of File with Dangerous Type vulnerability in Mozilla Firefox ESR Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. | 5.5 |
| 2020-08-09 | CVE-2020-17452 | Unrestricted Upload of File with Dangerous Type vulnerability in Flatcore flatCore before 1.5.7 allows upload and execution of a .php file by an admin. | 7.2 |
| 2020-07-29 | CVE-2020-14488 | Unrestricted Upload of File with Dangerous Type vulnerability in Freemedsoftware Openclinic GA 5.09.02/5.89.05B OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system. | 8.8 |