Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-29 | CVE-2023-50104 | Unrestricted Upload of File with Dangerous Type vulnerability in Zzcms 2023 ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. | 9.8 |
| 2023-12-28 | CVE-2023-50038 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.8.8 There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions. | 8.8 |
| 2023-12-28 | CVE-2023-50692 | Unrestricted Upload of File with Dangerous Type vulnerability in Jizhicms 2.5 File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. | 8.8 |
| 2023-12-26 | CVE-2023-5673 | Unrestricted Upload of File with Dangerous Type vulnerability in Wpvibes WP Mail LOG The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution. | 8.8 |
| 2023-12-26 | CVE-2023-5931 | Unrestricted Upload of File with Dangerous Type vulnerability in Rtcamp Rtmedia The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. | 8.8 |
| 2023-12-26 | CVE-2023-52086 | Unrestricted Upload of File with Dangerous Type vulnerability in Startutorial PHP Backend for Resumable.Js 0.1.4 resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. | 8.1 |
| 2023-12-22 | CVE-2023-51034 | Unrestricted Upload of File with Dangerous Type vulnerability in Totolink Ex1200L Firmware 9.3.5U.6146B20201023 TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. | 9.8 |
| 2023-12-20 | CVE-2023-23970 | Unrestricted Upload of File with Dangerous Type vulnerability in Woorockets Corsa Unrestricted Upload of File with Dangerous Type vulnerability in WooRockets Corsa.This issue affects Corsa: from n/a through 1.5. | 8.8 |
| 2023-12-20 | CVE-2023-28170 | Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import 1.1.1 Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import.This issue affects Theme Demo Import: from n/a through 1.1.1. | 7.2 |
| 2023-12-20 | CVE-2023-6562 | Unrestricted Upload of File with Dangerous Type vulnerability in Kakadusoftware Kakadu SDK JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially-crafted the image that is displayed back to the attacker. | 7.5 |