Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2018-11-27 CVE-2018-17936 Unrestricted Upload of File with Dangerous Type vulnerability in Nuuo CMS
NUUO CMS, all versions 3.3 and prior: the application allows the upload to the server of arbitrary files that can modify or overwrite configuration files, which could allow remote code execution.
network
low complexity
nuuo CWE-434
critical
9.8
2018-11-26 CVE-2018-19562 Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 4.9.015
An issue was discovered in PHPok 4.9.015.
network
low complexity
phpok CWE-434
8.8
2018-11-26 CVE-2018-19550 Unrestricted Upload of File with Dangerous Type vulnerability in Interspire Email Marketer
Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under an admin/temp/surveys/ URI.
network
low complexity
interspire CWE-434
8.8
2018-11-26 CVE-2018-19537 Unrestricted Upload of File with Dangerous Type vulnerability in Tp-Link Archer C5 Firmware 2160201Us
TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account.
network
low complexity
tp-link CWE-434
7.2
2018-11-22 CVE-2018-19457 Unrestricted Upload of File with Dangerous Type vulnerability in Logicspice FAQ Script 2.9.7
Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file.
network
low complexity
logicspice CWE-434
7.2
2018-11-21 CVE-2018-19424 Unrestricted Upload of File with Dangerous Type vulnerability in Clippercms 1.3.3
ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files.
network
low complexity
clippercms CWE-434
7.2
2018-11-21 CVE-2018-19423 Unrestricted Upload of File with Dangerous Type vulnerability in Codiad 2.8.4
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.
network
low complexity
codiad CWE-434
7.2
2018-11-21 CVE-2018-19422 Unrestricted Upload of File with Dangerous Type vulnerability in Intelliants Subrion CMS 4.2.1
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
network
low complexity
intelliants CWE-434
7.2
2018-11-21 CVE-2018-19421 Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads, but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
network
low complexity
get-simple CWE-434
3.8
2018-11-21 CVE-2018-19420 Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
network
low complexity
get-simple CWE-434
3.8