Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-28 | CVE-2018-17573 | Unrestricted Upload of File with Dangerous Type vulnerability in Smartlogix Wp-Insert The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html. | 9.8 |
| 2018-09-28 | CVE-2018-17055 | Unrestricted Upload of File with Dangerous Type vulnerability in Progress Sitefinity An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. | 7.5 |
| 2018-09-25 | CVE-2018-15961 | Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Coldfusion 11.0/2016/2018 Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. | 9.8 |
| 2018-09-21 | CVE-2018-16821 | Unrestricted Upload of File with Dangerous Type vulnerability in Seacms 6.64 SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. | 5.3 |
| 2018-09-17 | CVE-2018-17139 | Unrestricted Upload of File with Dangerous Type vulnerability in Ultimatefosters Ultimatepos 2.5 UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type. | 8.8 |
| 2018-09-14 | CVE-2018-16287 | Unrestricted Upload of File with Dangerous Type vulnerability in LG Supersign CMS LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. | 9.8 |
| 2018-09-13 | CVE-2018-16796 | Unrestricted Upload of File with Dangerous Type vulnerability in Hiscout GRC Suite 3.1.3.12 HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types. | 8.8 |
| 2018-09-12 | CVE-2018-16974 | Unrestricted Upload of File with Dangerous Type vulnerability in Elefantcms Elefant An issue was discovered in Elefant CMS before 2.0.7. | 9.8 |
| 2018-09-12 | CVE-2018-16388 | Unrestricted Upload of File with Dangerous Type vulnerability in E107 2.1.8 e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. | 7.2 |
| 2018-09-08 | CVE-2018-16731 | Unrestricted Upload of File with Dangerous Type vulnerability in Chshcms Cscms 4.1 CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. | 9.8 |