Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-03-05 | CVE-2019-9572 | Unrestricted Upload of File with Dangerous Type vulnerability in Schoolcms 2.3.1 | SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the _Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header. | 7.2 |
2019-02-26 | CVE-2019-9181 | Unrestricted Upload of File with Dangerous Type vulnerability in Schoolcms 2.3.1 | SchoolCMS version 2.3.1 allows file upload via the logo upload feature at admin.php?m=admin&c=site&a=save by using the .jpg extension, changing the Content-Type to image/php, and placing PHP code after the JPEG data. | 7.2 |
2019-02-25 | CVE-2018-20063 | Unrestricted Upload of File with Dangerous Type vulnerability in Gurock Testrail 5.6.0.3853 | An issue was discovered in Gurock TestRail 5.6.0.3853. | 8.8 |
2019-02-23 | CVE-2019-9050 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.9 | An issue was discovered in Pluck 4.7.9-dev1. | 7.2 |
2019-02-23 | CVE-2019-9042 | Unrestricted Upload of File with Dangerous Type vulnerability in Sitemagic CMS 4.4 | An issue was discovered in Sitemagic CMS v4.4. | 7.2 |
2019-02-20 | CVE-2019-8942 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products | WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. | 8.8 |
2019-02-19 | CVE-2019-8933 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7 | In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on New Template, and modifying the filename from ../index.html to ../index.php. | 8.8 |
2019-02-18 | CVE-2019-8433 | Unrestricted Upload of File with Dangerous Type vulnerability in Jtbc PHP 3.0.1.8 | JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file. | 7.5 |
2019-02-17 | CVE-2019-8394 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Servicedesk Plus | Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. | 6.5 |
2019-02-16 | CVE-2019-8362 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.5/5.6/5.7 | DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg, .png, or .gif is present as a substring, and does not otherwise check the file name or content). | 7.5 |