Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2020-06-15 CVE-2020-4470 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be used to execute arbitrary code on the vulnerable server.
network
ibm CWE-434
6.0
2020-06-15 CVE-2020-14067 Unrestricted Upload of File with Dangerous Type vulnerability in Naviwebs Navigatecms 2.9
The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.
network
low complexity
naviwebs CWE-434
7.5
2020-06-12 CVE-2019-15123 Unrestricted Upload of File with Dangerous Type vulnerability in Vikisolutions Vera 4.9.1.26180
The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated user to change the logo on the website.
6.5
2020-06-11 CVE-2020-13855 Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS 7.44
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.
network
low complexity
pandorafms CWE-434
critical
9.0
2020-06-11 CVE-2020-13852 Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS 7.44
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.
network
low complexity
pandorafms CWE-434
critical
9.0
2020-06-08 CVE-2020-12800 Unrestricted Upload of File with Dangerous Type vulnerability in Codedropz Drag and Drop multiple File Upload - Contact Form 7
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
network
low complexity
codedropz CWE-434
7.5
2020-06-04 CVE-2018-21244 Unrestricted Upload of File with Dangerous Type vulnerability in Foxitsoftware Phantompdf
An issue was discovered in Foxit PhantomPDF before 8.3.6.
7.5
2020-06-04 CVE-2018-21243 Unrestricted Upload of File with Dangerous Type vulnerability in Foxitsoftware Phantompdf
An issue was discovered in Foxit PhantomPDF before 8.3.6.
4.3
2020-06-03 CVE-2020-12846 Unrestricted Upload of File with Dangerous Type vulnerability in Synacor Zimbra Collaboration Suite
Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file.
network
synacor CWE-434
6.0
2020-05-29 CVE-2020-12675 Unrestricted Upload of File with Dangerous Type vulnerability in Mappresspro Mappress
The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution.
network
low complexity
mappresspro CWE-434
8.8