Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-06-27 | CVE-2024-6054 | Unrestricted Upload of File with Dangerous Type vulnerability in Auto-Featured-Image Project Auto-Featured-Image | The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. | 8.8 |
2024-06-25 | CVE-2024-5008 | Unrestricted Upload of File with Dangerous Type vulnerability in Progress Whatsup Gold | In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController. | 8.8 |
2024-06-21 | CVE-2023-45197 | Unrestricted Upload of File with Dangerous Type vulnerability in Adminerevo | The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. | 9.8 |
2024-06-18 | CVE-2024-6083 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPvibe 11.0.46 | A vulnerability, which was classified as critical, was found in PHPVibe 11.0.46. | 9.8 |
2024-06-12 | CVE-2024-1659 | Unrestricted Upload of File with Dangerous Type vulnerability in Megabip 4.36.2 | Arbitrary File Upload vulnerability in MegaBIP software allows an attacker to upload any file to the server (including a PHP code file) without authentication. This issue affects MegaBIP software versions through 5.10. | 9.8 |
2024-06-10 | CVE-2024-36415 | Unrestricted Upload of File with Dangerous Type vulnerability in Salesagility Suitecrm | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 8.8 |
2024-06-06 | CVE-2024-36774 | Unrestricted Upload of File with Dangerous Type vulnerability in Monstra 3.0.4 | An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 7.2 |
2024-06-04 | CVE-2024-36858 | Unrestricted Upload of File with Dangerous Type vulnerability in Homebrew JAN 0.4.12 | An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 |
2024-06-04 | CVE-2024-37273 | Unrestricted Upload of File with Dangerous Type vulnerability in Homebrew JAN 0.4.12 | An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 |
2024-05-28 | CVE-2022-45171 | Unrestricted Upload of File with Dangerous Type vulnerability in Liveboxcloud Vdesk | An issue was discovered in LIVEBOX Collaboration vDesk through v018. | 8.8 |