Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-21 | CVE-2019-3495 | Unrestricted Upload of File with Dangerous Type vulnerability in Indionetworks Unibox Firmware An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. | 8.8 |
| 2019-03-21 | CVE-2018-20526 | Unrestricted Upload of File with Dangerous Type vulnerability in Roxyfileman Roxy Fileman 1.4.5 Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php. | 9.8 |
| 2019-03-21 | CVE-2018-19514 | Unrestricted Upload of File with Dangerous Type vulnerability in ENS Webgalamb 6.0/7.0 In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. | 9.8 |
| 2019-03-14 | CVE-2019-9825 | Unrestricted Upload of File with Dangerous Type vulnerability in Feifeicms 4.1.190209 FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature. | 9.8 |
| 2019-03-11 | CVE-2019-9692 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). | 6.5 |
| 2019-03-07 | CVE-2019-9185 | Unrestricted Upload of File with Dangerous Type vulnerability in Boltcms Bolt Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension. | 8.8 |
| 2019-03-07 | CVE-2018-17418 | Unrestricted Upload of File with Dangerous Type vulnerability in Monstra 3.0.4 Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable. | 7.2 |
| 2019-03-07 | CVE-2019-9623 | Unrestricted Upload of File with Dangerous Type vulnerability in Fengoffice Feng Office 3.7.0.5 Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php. | 9.8 |
| 2019-03-06 | CVE-2019-9617 | Unrestricted Upload of File with Dangerous Type vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2 An issue was discovered in OFCMS before 1.1.3. | 8.8 |
| 2019-03-06 | CVE-2019-9613 | Unrestricted Upload of File with Dangerous Type vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2 An issue was discovered in OFCMS before 1.1.3. | 7.2 |