Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2024-07-12 CVE-2024-40551 Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
network
low complexity
publiccms CWE-434
8.8
2024-07-12 CVE-2024-3112 Unrestricted Upload of File with Dangerous Type vulnerability in Bestwebsoft Quotes and Tips
The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate uploaded image files, allowing high-privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example, in a multisite setup).
network
low complexity
bestwebsoft CWE-434
4.8
2024-07-08 CVE-2024-27903 Unrestricted Upload of File with Dangerous Type vulnerability in Openvpn
OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.
network
low complexity
openvpn CWE-434
critical
9.8
2024-07-01 CVE-2024-36987 Unrestricted Upload of File with Dangerous Type vulnerability in Splunk Cloud and Splunk
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint.
network
low complexity
splunk CWE-434
6.5
2024-06-27 CVE-2024-6054 Unrestricted Upload of File with Dangerous Type vulnerability in Auto-Featured-Image Project Auto-Featured-Image
The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2.
network
low complexity
auto-featured-image-project CWE-434
8.8
2024-06-25 CVE-2024-5008 Unrestricted Upload of File with Dangerous Type vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController.
network
low complexity
progress CWE-434
8.8
2024-06-25 CVE-2024-4197 Unrestricted Upload of File with Dangerous Type vulnerability in Avaya IP Office
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component.
network
low complexity
avaya CWE-434
critical
9.8
2024-06-21 CVE-2023-45197 Unrestricted Upload of File with Dangerous Type vulnerability in Adminerevo
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory.
network
low complexity
adminerevo CWE-434
critical
9.8
2024-06-18 CVE-2024-6083 Unrestricted Upload of File with Dangerous Type vulnerability in PHPvibe 11.0.46
A vulnerability, which was classified as critical, was found in PHPVibe 11.0.46.
network
low complexity
phpvibe CWE-434
critical
9.8
2024-06-12 CVE-2024-1659 Unrestricted Upload of File with Dangerous Type vulnerability in Megabip 4.36.2
Arbitrary File Upload vulnerability in MegaBIP software allows an attacker to upload any file to the server (including a PHP code file) without authentication. This issue affects MegaBIP software versions through 5.10.
network
low complexity
megabip CWE-434
critical
9.8