Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2017-09-14 CVE-2017-1002016 Unrestricted Upload of File with Dangerous Type vulnerability in Flickr Picture Backup Project Flickr Picture Backup 0.7
Vulnerability in WordPress plugin flickr-picture-backup v0.7. The code in flickr-picture-download.php doesn't check whether the user is authenticated or has permission to upload files.
network
low complexity
flickr-picture-backup-project CWE-434
critical
9.8
2017-09-14 CVE-2017-1002008 Unrestricted Upload of File with Dangerous Type vulnerability in Membership Simplified Project Membership Simplified 1.58
Vulnerability in WordPress plugin membership-simplified-for-oap-members-only v1.58. The file download code located in membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.
network
low complexity
membership-simplified-project CWE-434
critical
9.8
2017-09-14 CVE-2017-1002003 Unrestricted Upload of File with Dangerous Type vulnerability in Wp2Android-Turn-Wp-Site-Into-Android-App Project Wp2Android-Turn-Wp-Site-Into-Android-App 1.1.4
Vulnerability in WordPress plugin wp2android-turn-wp-site-into-android-app v1.1.4. The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
9.8
2017-09-14 CVE-2017-1002002 Unrestricted Upload of File with Dangerous Type vulnerability in Webapp-Builder Project Webapp-Builder 2.0
Vulnerability in WordPress plugin webapp-builder v2.0. The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
network
low complexity
webapp-builder-project CWE-434
critical
9.8
2017-09-14 CVE-2017-1002001 Unrestricted Upload of File with Dangerous Type vulnerability in Mobile-App-Builder-By-Wappress Project Mobile-App-Builder-By-Wappress 1.05
Vulnerability in WordPress plugin mobile-app-builder-by-wappress v1.05. The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
network
low complexity
mobile-app-builder-by-wappress-project CWE-434
critical
9.8
2017-09-14 CVE-2017-1002000 Unrestricted Upload of File with Dangerous Type vulnerability in Mobile-Friendly-App-Builder-By-Easytouch Project Mobile-Friendly-App-Builder-By-Easytouch 3.0
Vulnerability in WordPress plugin mobile-friendly-app-builder-by-easytouch v3.0. The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.
9.8
2017-09-12 CVE-2017-14399 Unrestricted Upload of File with Dangerous Type vulnerability in Blackcat-Cms Blackcat CMS 1.2.2
In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php.
network
low complexity
blackcat-cms CWE-434
8.8
2017-09-12 CVE-2017-14346 Unrestricted Upload of File with Dangerous Type vulnerability in Blog Project Blog
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.
network
low complexity
blog-project CWE-434
critical
9.8
2017-09-12 CVE-2015-9228 Unrestricted Upload of File with Dangerous Type vulnerability in Imagely Nextgen Gallery
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
network
low complexity
imagely CWE-434
8.8
2017-09-11 CVE-2017-14251 Unrestricted Upload of File with Dangerous Type vulnerability in Typo3
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.
network
low complexity
typo3 CWE-434
8.8