Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-26 | CVE-2018-19550 | Unrestricted Upload of File with Dangerous Type vulnerability in Interspire Email Marketer. Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under an admin/temp/surveys/ URI. | 8.8 |
2018-11-26 | CVE-2018-19537 | Unrestricted Upload of File with Dangerous Type vulnerability in Tp-Link Archer C5 Firmware 2160201Us. TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. | 7.2 |
2018-11-22 | CVE-2018-19457 | Unrestricted Upload of File with Dangerous Type vulnerability in Logicspice FAQ Script 2.9.7. Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file. | 7.2 |
2018-11-21 | CVE-2018-19424 | Unrestricted Upload of File with Dangerous Type vulnerability in Clippercms 1.3.3. ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. | 7.2 |
2018-11-21 | CVE-2018-19423 | Unrestricted Upload of File with Dangerous Type vulnerability in Codiad 2.8.4. Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. | 7.2 |
2018-11-21 | CVE-2018-19422 | Unrestricted Upload of File with Dangerous Type vulnerability in Intelliants Subrion CMS 4.2.1. /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. | 7.2 |
2018-11-21 | CVE-2018-19421 | Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15. In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | 3.8 |
2018-11-21 | CVE-2018-19420 | Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15. In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | 3.8 |
2018-11-20 | CVE-2018-18565 | Unrestricted Upload of File with Dangerous Type vulnerability in Roche products. An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial number below KQ0400000 or KS0400000), and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). | 6.8 |
2018-11-20 | CVE-2018-18563 | Unrestricted Upload of File with Dangerous Type vulnerability in Roche products. An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial Number below KQ0400000 or KS0400000) and cobas h 232 before 04.00.04 (Serial Number above KQ0400000 or KS0400000). | 9.6 |