Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-06 | CVE-2019-9612 | Unrestricted Upload of File with Dangerous Type vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2. An issue was discovered in OFCMS before 1.1.3. | 8.8 |
2019-03-06 | CVE-2019-9609 | Unrestricted Upload of File with Dangerous Type vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2. An issue was discovered in OFCMS before 1.1.3. | 8.8 |
2019-03-06 | CVE-2019-9608 | Unrestricted Upload of File with Dangerous Type vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2. An issue was discovered in OFCMS before 1.1.3. | 8.8 |
2019-03-06 | CVE-2019-9581 | Unrestricted Upload of File with Dangerous Type vulnerability in Twinkletoessoftware Booked 2.7.5. phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension. | 8.8 |
2019-03-05 | CVE-2019-9572 | Unrestricted Upload of File with Dangerous Type vulnerability in Schoolcms 2.3.1. SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the _Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header. | 7.2 |
2019-02-26 | CVE-2019-9181 | Unrestricted Upload of File with Dangerous Type vulnerability in Schoolcms 2.3.1. SchoolCMS version 2.3.1 allows file upload via the logo upload feature at admin.php?m=admin&c=site&a=save by using the .jpg extension, changing the Content-Type to image/php, and placing PHP code after the JPEG data. | 7.2 |
2019-02-25 | CVE-2018-20063 | Unrestricted Upload of File with Dangerous Type vulnerability in Gurock Testrail 5.6.0.3853. An issue was discovered in Gurock TestRail 5.6.0.3853. | 8.8 |
2019-02-23 | CVE-2019-9050 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.9. An issue was discovered in Pluck 4.7.9-dev1. | 7.2 |
2019-02-23 | CVE-2019-9042 | Unrestricted Upload of File with Dangerous Type vulnerability in Sitemagic CMS 4.4. An issue was discovered in Sitemagic CMS v4.4. | 7.2 |
2019-02-20 | CVE-2019-8942 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products. WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. | 8.8 |