Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-21 | CVE-2018-16821 | Unrestricted Upload of File with Dangerous Type vulnerability in Seacms 6.64 SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. | 5.3 |
| 2018-09-17 | CVE-2018-17139 | Unrestricted Upload of File with Dangerous Type vulnerability in Ultimatefosters Ultimatepos 2.5 UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type. | 8.8 |
| 2018-09-14 | CVE-2018-16287 | Unrestricted Upload of File with Dangerous Type vulnerability in LG Supersign CMS LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. | 9.8 |
| 2018-09-13 | CVE-2018-16796 | Unrestricted Upload of File with Dangerous Type vulnerability in Hiscout GRC Suite 3.1.3.12 HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types. | 8.8 |
| 2018-09-12 | CVE-2018-16974 | Unrestricted Upload of File with Dangerous Type vulnerability in Elefantcms Elefant An issue was discovered in Elefant CMS before 2.0.7. | 9.8 |
| 2018-09-12 | CVE-2018-16388 | Unrestricted Upload of File with Dangerous Type vulnerability in E107 2.1.8 e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. | 7.2 |
| 2018-09-08 | CVE-2018-16731 | Unrestricted Upload of File with Dangerous Type vulnerability in Chshcms Cscms 4.1 CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. | 9.8 |
| 2018-09-07 | CVE-2018-0645 | Unrestricted Upload of File with Dangerous Type vulnerability in Bit-Part Mtappjquery 1.8.1 MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors. | 9.8 |
| 2018-09-06 | CVE-2018-1000658 | Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. | 8.8 |
| 2018-09-03 | CVE-2018-16397 | Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file, | 4.9 |