Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-20 | CVE-2020-13241 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.18 Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file. | 7.8 |
| 2020-05-19 | CVE-2020-11807 | Unrestricted Upload of File with Dangerous Type vulnerability in Sourcefabric Newscoop 4.4.7 Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path. | 7.8 |
| 2020-05-18 | CVE-2020-12255 | Unrestricted Upload of File with Dangerous Type vulnerability in Rconfig 3.9.4 rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. | 8.8 |
| 2020-05-18 | CVE-2020-13128 | Unrestricted Upload of File with Dangerous Type vulnerability in Gwtupload Project Gwtupload 1.0.3 An issue was discovered in Manolo GWTUpload 1.0.3. | 7.5 |
| 2020-05-17 | CVE-2020-13126 | Unrestricted Upload of File with Dangerous Type vulnerability in Elementor Page Builder An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. | 9.9 |
| 2020-05-14 | CVE-2020-5577 | Unrestricted Upload of File with Dangerous Type vulnerability in Sixapart Movable Type Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors. | 8.8 |
| 2020-05-11 | CVE-2020-11108 | Unrestricted Upload of File with Dangerous Type vulnerability in Pi-Hole The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. | 8.8 |
| 2020-04-30 | CVE-2020-5880 | Unrestricted Upload of File with Dangerous Type vulnerability in F5 products Om BIG-IP 15.0.0-15.0.1.3 and 14.1.0-14.1.2.3, the restjavad process may expose a way for attackers to upload arbitrary files on the BIG-IP system, bypassing the authorization system. | 7.1 |
| 2020-04-29 | CVE-2020-11943 | Unrestricted Upload of File with Dangerous Type vulnerability in Opmantek Open-Audit 3.2.2 An issue was discovered in Open-AudIT 3.2.2. | 8.8 |
| 2020-04-29 | CVE-2020-12252 | Unrestricted Upload of File with Dangerous Type vulnerability in Gigamon Gigavue An issue was discovered in Gigamon GigaVUE 5.5.01.11. | 6.2 |