Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-11 | CVE-2019-9692 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple: class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). | 6.5 |
2019-03-07 | CVE-2019-9185 | Unrestricted Upload of File with Dangerous Type vulnerability in Boltcms Bolt: Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension. | 8.8 |
2019-03-07 | CVE-2018-17418 | Unrestricted Upload of File with Dangerous Type vulnerability in Monstra 3.0.4: Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable. | 7.2 |
2019-03-07 | CVE-2019-9623 | Unrestricted Upload of File with Dangerous Type vulnerability in Fengoffice Feng Office 3.7.0.5: Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php. | 9.8 |
2019-03-06 | CVE-2019-9617 | Unrestricted Upload of File with Dangerous Type vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2: An issue was discovered in OFCMS before 1.1.3. | 8.8 |
2019-03-06 | CVE-2019-9613 | Unrestricted Upload of File with Dangerous Type vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2: An issue was discovered in OFCMS before 1.1.3. | 7.2 |
2019-03-06 | CVE-2019-9612 | Unrestricted Upload of File with Dangerous Type vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2: An issue was discovered in OFCMS before 1.1.3. | 8.8 |
2019-03-06 | CVE-2019-9609 | Unrestricted Upload of File with Dangerous Type vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2: An issue was discovered in OFCMS before 1.1.3. | 8.8 |
2019-03-06 | CVE-2019-9608 | Unrestricted Upload of File with Dangerous Type vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2: An issue was discovered in OFCMS before 1.1.3. | 8.8 |
2019-03-06 | CVE-2019-9581 | Unrestricted Upload of File with Dangerous Type vulnerability in Twinkletoessoftware Booked 2.7.5: phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension. | 8.8 |