Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE | CVE | VULNERABILITY TITLE | RISK

2018-06-08 | CVE-2018-12051 | Unrestricted Upload of File with Dangerous Type vulnerability in Schools Alert Management Script Project Schools Alert Management Script | critical 9.8
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type.
network | low complexity | schools-alert-management-script-project | CWE-434

2018-06-08 | CVE-2018-12045 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.5/5.6/5.7 | critical 9.8
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.
network | low complexity | dedecms | CWE-434

2018-06-07 | CVE-2018-3758 | Unrestricted Upload of File with Dangerous Type vulnerability in Express-Cart Project Express-Cart | 8.8
Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine.
network | low complexity | express-cart-project | CWE-434

2018-06-06 | CVE-2018-1265 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products | 7.2
Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers.
network | low complexity | pivotal-software cloudfoundry | CWE-434

2018-06-05 | CVE-2018-11736 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck | critical 9.8
An issue was discovered in Pluck before 4.7.7-dev2.
network | low complexity | pluck-cms | CWE-434

2018-06-01 | CVE-2018-11196 | Unrestricted Upload of File with Dangerous Type vulnerability in Mahara | 7.5
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as a medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara.
network | low complexity | mahara | CWE-434

2018-05-29 | CVE-2018-11392 | Unrestricted Upload of File with Dangerous Type vulnerability in Jigowatt PHP Login & User Management 3.2.1/4.0/4.1.0 | 8.8
An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field.
network | low complexity | jigowatt | CWE-434

2018-05-29 | CVE-2018-11523 | Unrestricted Upload of File with Dangerous Type vulnerability in Nuuo Nvrmini 2 Firmware 3.6.5 | critical 9.8
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.
network | low complexity | nuuo | CWE-434

2018-05-28 | CVE-2018-11514 | Unrestricted Upload of File with Dangerous Type vulnerability in Naukri Clone Script Project Naukri Clone Script 3.0.3 | 8.8
PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php.
network | low complexity | naukri-clone-script-project | CWE-434

2018-05-26 | CVE-2018-6411 | Unrestricted Upload of File with Dangerous Type vulnerability in Machform 4.2.3 | critical 9.8
An issue was discovered in Appnitro MachForm before 4.2.3.
network | low complexity | machform | CWE-434