Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-16 | CVE-2016-10959 | Unrestricted Upload of File with Dangerous Type vulnerability in Estatik. The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php. | 6.5 |
2019-09-16 | CVE-2016-10958 | Unrestricted Upload of File with Dangerous Type vulnerability in Estatik. The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. | 7.5 |
2019-09-14 | CVE-2019-16318 | Unrestricted Upload of File with Dangerous Type vulnerability in Pimcore. In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317. | 8.8 |
2019-09-13 | CVE-2016-10955 | Unrestricted Upload of File with Dangerous Type vulnerability in Cysteme Cysteme-Finder. The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking. | 9.8 |
2019-09-13 | CVE-2016-10954 | Unrestricted Upload of File with Dangerous Type vulnerability in Dynamicpress Neosense. The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload. | 9.8 |
2019-09-09 | CVE-2019-16192 | Unrestricted Upload of File with Dangerous Type vulnerability in Doccms 2016.5.17. upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allows remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive. | 9.8 |
2019-09-09 | CVE-2019-16131 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok Oklite 1.2.25. framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. | 8.8 |
2019-09-05 | CVE-2019-13187 | Unrestricted Upload of File with Dangerous Type vulnerability in Symphonyextensions Rich Text Formatter. The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php. | 9.8 |
2019-09-04 | CVE-2019-13976 | Unrestricted Upload of File with Dangerous Type vulnerability in Egain Chat 15.0.3. eGain Chat 15.0.3 allows unrestricted file upload. | 9.8 |
2019-09-04 | CVE-2019-15813 | Unrestricted Upload of File with Dangerous Type vulnerability in Sentrifugo 3.2. Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell. | 8.8 |