Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-02 | CVE-2019-7912 | Unrestricted Upload of File with Dangerous Type vulnerability in Magento A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 7.2 |
| 2019-08-02 | CVE-2019-7861 | Unrestricted Upload of File with Dangerous Type vulnerability in Magento Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 7.5 |
| 2019-08-02 | CVE-2017-18435 | Unrestricted Upload of File with Dangerous Type vulnerability in Cpanel cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238). | 7.3 |
| 2019-08-01 | CVE-2018-20926 | Unrestricted Upload of File with Dangerous Type vulnerability in Cpanel cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380). | 6.7 |
| 2019-08-01 | CVE-2018-20925 | Unrestricted Upload of File with Dangerous Type vulnerability in Cpanel cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379). | 6.7 |
| 2019-07-31 | CVE-2019-3960 | Unrestricted Upload of File with Dangerous Type vulnerability in Wallaceit Wallacepos 1.4.3 Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file. | 7.2 |
| 2019-07-29 | CVE-2015-5601 | Unrestricted Upload of File with Dangerous Type vulnerability in EDX Edx-Platform edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files. | 8.8 |
| 2019-07-26 | CVE-2019-10267 | Unrestricted Upload of File with Dangerous Type vulnerability in Ahsay Cloud Backup Suite An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. | 8.8 |
| 2019-07-23 | CVE-2019-1010209 | Unrestricted Upload of File with Dangerous Type vulnerability in Gorul Gourl GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. | 7.5 |
| 2019-07-23 | CVE-2019-1010123 | Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. | 7.5 |