Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-22 | CVE-2020-13887 | Unrestricted Upload of File with Dangerous Type vulnerability in Kordil Edms Project Kordil Edms 2.2.60 documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder. | 8.8 |
| 2020-06-19 | CVE-2020-8162 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits. | 7.5 |
| 2020-06-15 | CVE-2020-12005 | Unrestricted Upload of File with Dangerous Type vulnerability in Rockwellautomation Factorytalk Linx and Rslinx Classic FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. | 7.5 |
| 2020-06-15 | CVE-2020-4470 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. | 8.0 |
| 2020-06-15 | CVE-2020-14067 | Unrestricted Upload of File with Dangerous Type vulnerability in Naviwebs Navigatecms 2.9 The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php. | 9.8 |
| 2020-06-12 | CVE-2019-15123 | Unrestricted Upload of File with Dangerous Type vulnerability in Vikisolutions Vera 4.9.1.26180 The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated user to change the logo on the website. | 7.2 |
| 2020-06-11 | CVE-2020-13855 | Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS 7.44 Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. | 7.2 |
| 2020-06-11 | CVE-2020-13852 | Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS 7.44 Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. | 7.2 |
| 2020-06-08 | CVE-2020-12800 | Unrestricted Upload of File with Dangerous Type vulnerability in Codedropz Drag and Drop multiple File Upload - Contact Form 7 The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file. | 9.8 |
| 2020-06-04 | CVE-2018-21244 | Unrestricted Upload of File with Dangerous Type vulnerability in Foxitsoftware Phantompdf An issue was discovered in Foxit PhantomPDF before 8.3.6. | 9.8 |