Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2018-07-17 CVE-2018-14334 Unrestricted Upload of File with Dangerous Type vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0
manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control.
network
low complexity
joyplus-cms-project CWE-434
critical
9.8
2018-07-16 CVE-2018-13981 Unrestricted Upload of File with Dangerous Type vulnerability in Zeta-Producer Zeta Producer Desktop CMS
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files.
network
low complexity
zeta-producer CWE-434
critical
9.8
2018-07-13 CVE-2016-9492 Unrestricted Upload of File with Dangerous Type vulnerability in Jqueryform PHP Formmail Generator 20161206
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types.
network
low complexity
jqueryform CWE-434
critical
9.8
2018-07-12 CVE-2018-12980 Unrestricted Upload of File with Dangerous Type vulnerability in Wago products
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02.
network
low complexity
wago CWE-434
8.8
2018-07-09 CVE-2018-1000619 Unrestricted Upload of File with Dangerous Type vulnerability in Ovidentia
Ovidentia version 8.4.3 and earlier contains an Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution.
network
low complexity
ovidentia CWE-434
8.8
2018-07-03 CVE-2018-11638 Unrestricted Upload of File with Dangerous Type vulnerability in Dialogic Powermedia XMS 3.5
Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution.
network
low complexity
dialogic CWE-434
7.2
2018-07-02 CVE-2018-12426 Unrestricted Upload of File with Dangerous Type vulnerability in 3CX Live Chat
The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type.
network
low complexity
3cx CWE-434
critical
9.8
2018-07-02 CVE-2018-12528 Unrestricted Upload of File with Dangerous Type vulnerability in Intex N150 Firmware
An issue was discovered on Intex N150 devices.
network
low complexity
intex CWE-434
8.1
2018-07-01 CVE-2018-13038 Unrestricted Upload of File with Dangerous Type vulnerability in Opendesa Opensid 18.06Pasca
OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature.
network
low complexity
opendesa CWE-434
critical
9.8
2018-06-29 CVE-2018-13024 Unrestricted Upload of File with Dangerous Type vulnerability in Metinfo 6.0.0
Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action.
network
low complexity
metinfo CWE-434
7.2