Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-30 | CVE-2019-10652 | Unrestricted Upload of File with Dangerous Type vulnerability in Flatcore 1.4.7: An issue was discovered in flatCore 1.4.7. | 7.2 |
2019-03-30 | CVE-2019-10647 | Unrestricted Upload of File with Dangerous Type vulnerability in Zzzcms Zzzphp 1.6.3: ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions. | 9.8 |
2019-03-29 | CVE-2019-10276 | Unrestricted Upload of File with Dangerous Type vulnerability in Cobub Razor 0.8.0: Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type. | 9.8 |
2019-03-25 | CVE-2019-10012 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products: Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer. | 7.5 |
2019-03-21 | CVE-2019-3495 | Unrestricted Upload of File with Dangerous Type vulnerability in Indionetworks Unibox Firmware: An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. | 8.8 |
2019-03-21 | CVE-2018-20526 | Unrestricted Upload of File with Dangerous Type vulnerability in Roxyfileman Roxy Fileman 1.4.5: Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php. | 9.8 |
2019-03-21 | CVE-2018-19514 | Unrestricted Upload of File with Dangerous Type vulnerability in ENS Webgalamb 6.0/7.0: In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. | 9.8 |
2019-03-14 | CVE-2019-9825 | Unrestricted Upload of File with Dangerous Type vulnerability in Feifeicms 4.1.190209: FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature. | 9.8 |
2019-03-11 | CVE-2019-9692 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple: class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). | 6.5 |
2019-03-07 | CVE-2019-9185 | Unrestricted Upload of File with Dangerous Type vulnerability in Boltcms Bolt: Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension. | 8.8 |