Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE | CVE | VULNERABILITY TITLE | RISK

2018-07-31 | CVE-2018-12940 | Unrestricted Upload of File with Dangerous Type vulnerability in Seeddms | 8.8
Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the "qqfile" parameter.
network, low complexity, seeddms, CWE-434

2018-07-24 | CVE-2017-3189 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms | 8.1
The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload.
network, high complexity, dotcms, CWE-434

2018-07-23 | CVE-2018-14570 | Unrestricted Upload of File with Dangerous Type vulnerability in Niushop B2B2C Multi-Business 1.11 | 8.8
A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified filename and file content.
network, low complexity, niushop, CWE-434

2018-07-20 | CVE-2018-14441 | Unrestricted Upload of File with Dangerous Type vulnerability in SSH Companywebsite Project SSH Companywebsite 20180503 | critical 9.8
An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03.
network, low complexity, ssh-companywebsite-project, CWE-434

2018-07-17 | CVE-2018-14334 | Unrestricted Upload of File with Dangerous Type vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0 | critical 9.8
manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control.
network, low complexity, joyplus-cms-project, CWE-434

2018-07-16 | CVE-2018-13981 | Unrestricted Upload of File with Dangerous Type vulnerability in Zeta-Producer Zeta Producer Desktop CMS | critical 9.8
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files.
network, low complexity, zeta-producer, CWE-434

2018-07-13 | CVE-2016-9492 | Unrestricted Upload of File with Dangerous Type vulnerability in Jqueryform PHP Formmail Generator 20161206 | critical 9.8
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types.
network, low complexity, jqueryform, CWE-434

2018-07-12 | CVE-2018-12980 | Unrestricted Upload of File with Dangerous Type vulnerability in Wago products | 8.8
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02.
network, low complexity, wago, CWE-434

2018-07-09 | CVE-2018-1000619 | Unrestricted Upload of File with Dangerous Type vulnerability in Ovidentia | 8.8
Ovidentia version 8.4.3 and earlier contains an Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution.
network, low complexity, ovidentia, CWE-434

2018-07-03 | CVE-2018-11638 | Unrestricted Upload of File with Dangerous Type vulnerability in Dialogic Powermedia XMS 3.5 | 7.2
Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution.
network, low complexity, dialogic, CWE-434