Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-21 | CVE-2018-19423 | Unrestricted Upload of File with Dangerous Type vulnerability in Codiad 2.8.4: Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. | 7.2 |
2018-11-21 | CVE-2018-19422 | Unrestricted Upload of File with Dangerous Type vulnerability in Intelliants Subrion CMS 4.2.1: /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. | 7.2 |
2018-11-21 | CVE-2018-19421 | Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15: In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | 3.8 |
2018-11-21 | CVE-2018-19420 | Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15: In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | 3.8 |
2018-11-20 | CVE-2018-18565 | Unrestricted Upload of File with Dangerous Type vulnerability in Roche products: An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial number below KQ0400000 or KS0400000), and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). | 6.8 |
2018-11-20 | CVE-2018-18563 | Unrestricted Upload of File with Dangerous Type vulnerability in Roche products: An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial Number below KQ0400000 or KS0400000) and cobas h 232 before 04.00.04 (Serial Number above KQ0400000 or KS0400000). | 9.6 |
2018-11-19 | CVE-2018-9209 | Unrestricted Upload of File with Dangerous Type vulnerability in Fineuploader PHP-Traditional-Server: Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2 | 9.8 |
2018-11-19 | CVE-2018-9207 | Unrestricted Upload of File with Dangerous Type vulnerability in Hayageek Jquery Upload File: Arbitrary file upload in jQuery Upload File <= 4.0.2 | 9.8 |
2018-11-19 | CVE-2018-19355 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products: modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles). | 9.8 |
2018-11-16 | CVE-2018-18793 | Unrestricted Upload of File with Dangerous Type vulnerability in School Event Management System Project School Event Management System 1.0: School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos. | 9.8 |