Vulnerabilities > Unrestricted Upload of File with Dangerous Type

| Date | CVE | Vulnerability title | Description | Attributes | Risk |
|---|---|---|---|---|---|
| 2019-05-14 | CVE-2019-12099 | Unrestricted Upload of File with Dangerous Type vulnerability in PHP-Fusion | In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload. | network, low complexity, php-fusion, CWE-434 | 8.8 |
| 2019-05-14 | CVE-2019-8404 | Unrestricted Upload of File with Dangerous Type vulnerability in Webiness Inventory Project Webiness Inventory 2.3 | An issue was discovered in Webiness Inventory 2.3. | network, low complexity, webiness-inventory-project, CWE-434 | 6.5 |
| 2019-05-07 | CVE-2019-10869 | Unrestricted Upload of File with Dangerous Type vulnerability in Ninjaforms Ninja Forms File Uploads | Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). | network, high complexity, ninjaforms, CWE-434 | 8.1 |
| 2019-05-06 | CVE-2018-4063 | Unrestricted Upload of File with Dangerous Type vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3 | An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. | network, low complexity, sierrawireless, CWE-434 | 8.8 |
| 2019-05-06 | CVE-2019-11807 | Unrestricted Upload of File with Dangerous Type vulnerability in Visser Woocommerce Checkout Manager | The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopriv_ registration and a lack of capabilities checks. | network, low complexity, visser, CWE-434 | 7.5 |
| 2019-04-30 | CVE-2019-11615 | Unrestricted Upload of File with Dangerous Type vulnerability in Doorgets CMS 7.0 | /fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. | network, low complexity, doorgets, CWE-434 | 8.8 |
| 2019-04-27 | CVE-2019-11568 | Unrestricted Upload of File with Dangerous Type vulnerability in Aikcms 2.0 | An issue was discovered in AikCms v2.0. | network, low complexity, aikcms, CWE-434 | 8.8 |
| 2019-04-24 | CVE-2019-8992 | Unrestricted Upload of File with Dangerous Type vulnerability in Tibco products | The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability wherein a user without privileges to upload distributed application archives ("Upload DAA" permission) can theoretically upload arbitrary code, and in some circumstances then execute that code on ActiveMatrix Service Grid nodes. | network, low complexity, tibco, CWE-434 | 8.8 |
| 2019-04-24 | CVE-2019-9951 | Unrestricted Upload of File with Dangerous Type vulnerability in Western Digital products | Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. | network, low complexity, western-digital, CWE-434 | critical 9.8 |
| 2019-04-22 | CVE-2019-11447 | Unrestricted Upload of File with Dangerous Type vulnerability in Cutephp Cutenews 2.1.2 | An issue was discovered in CutePHP CuteNews 2.1.2. | network, low complexity, cutephp, CWE-434 | 8.8 |