Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-24 | CVE-2024-6756 | Unrestricted Upload of File with Dangerous Type vulnerability in Wpwebinfotech Social Auto Poster The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpw_auto_poster_get_image_path' function in all versions up to, and including, 5.3.14. | 8.8 |
| 2024-07-21 | CVE-2024-6958 | Unrestricted Upload of File with Dangerous Type vulnerability in Angeljudesuarez University Management System 1.0 A vulnerability classified as critical was found in itsourcecode University Management System 1.0. | 8.8 |
| 2024-07-21 | CVE-2024-6948 | Unrestricted Upload of File with Dangerous Type vulnerability in Gargaj Wuhu A vulnerability classified as critical has been found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. | 9.8 |
| 2024-07-21 | CVE-2024-6945 | Unrestricted Upload of File with Dangerous Type vulnerability in Flute-Cms Flute 0.2.2.4 A vulnerability was found in Flute CMS 0.2.2.4-alpha. | 9.8 |
| 2024-07-18 | CVE-2024-3242 | Unrestricted Upload of File with Dangerous Type vulnerability in Brizy Brizy-Page Builder The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. | 8.8 |
| 2024-07-17 | CVE-2024-27311 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine DDI Central 4001 Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder. | 8.8 |
| 2024-07-17 | CVE-2024-31411 | Unrestricted Upload of File with Dangerous Type vulnerability in Apache Streampipes Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue. | 8.8 |
| 2024-07-17 | CVE-2024-6220 | Unrestricted Upload of File with Dangerous Type vulnerability in Keydatas The ????? (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions up to, and including, 2.5.2. | 9.8 |
| 2024-07-17 | CVE-2024-6595 | Unrestricted Upload of File with Dangerous Type vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data. | 5.3 |
| 2024-07-17 | CVE-2024-6801 | Unrestricted Upload of File with Dangerous Type vulnerability in Online Student Management System Project Online Student Management System 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester Online Student Management System 1.0. | 9.8 |