Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-21 | CVE-2019-6513 | Unrestricted Upload of File with Dangerous Type vulnerability in Wso2 API Manager 2.6.0 An issue was discovered in WSO2 API Manager 2.6.0. | 5.4 |
| 2019-05-20 | CVE-2019-12185 | Unrestricted Upload of File with Dangerous Type vulnerability in Elabftw 1.8.5 eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. | 8.8 |
| 2019-05-17 | CVE-2019-12170 | Unrestricted Upload of File with Dangerous Type vulnerability in Atutor ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. | 8.8 |
| 2019-05-17 | CVE-2019-11887 | Unrestricted Upload of File with Dangerous Type vulnerability in Simplybook 20190423/20190511 SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution. | 9.8 |
| 2019-05-14 | CVE-2019-12099 | Unrestricted Upload of File with Dangerous Type vulnerability in PHP-Fusion In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload. | 8.8 |
| 2019-05-14 | CVE-2019-8404 | Unrestricted Upload of File with Dangerous Type vulnerability in Webiness Inventory Project Webiness Inventory 2.3 An issue was discovered in Webiness Inventory 2.3. | 6.5 |
| 2019-05-07 | CVE-2019-10869 | Unrestricted Upload of File with Dangerous Type vulnerability in Ninjaforms Ninja Forms File Uploads Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). | 8.1 |
| 2019-05-06 | CVE-2018-4063 | Unrestricted Upload of File with Dangerous Type vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3 An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. | 8.8 |
| 2019-05-06 | CVE-2019-11807 | Unrestricted Upload of File with Dangerous Type vulnerability in Visser Woocommerce Checkout Manager The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopriv_ registration and a lack of capabilities checks. | 7.5 |
| 2019-04-30 | CVE-2019-11615 | Unrestricted Upload of File with Dangerous Type vulnerability in Doorgets CMS 7.0 /fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. | 8.8 |