Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-28 | CVE-2023-4225 | Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo LMS Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | 8.8 |
| 2023-11-28 | CVE-2023-4226 | Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo LMS Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | 8.8 |
| 2023-11-28 | CVE-2023-6219 | Unrestricted Upload of File with Dangerous Type vulnerability in Reputeinfosystems Bookingpress The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including, 1.0.76. | 7.2 |
| 2023-11-28 | CVE-2023-29770 | Unrestricted Upload of File with Dangerous Type vulnerability in Sapplica Sentrifugo 3.5 In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering. | 8.8 |
| 2023-11-27 | CVE-2023-41998 | Unrestricted Upload of File with Dangerous Type vulnerability in Arcserve UDP Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. | 9.8 |
| 2023-11-27 | CVE-2023-5604 | Unrestricted Upload of File with Dangerous Type vulnerability in Asgaros Forum The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. | 9.8 |
| 2023-11-23 | CVE-2023-41788 | Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. | 8.8 |
| 2023-11-23 | CVE-2023-41812 | Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. | 8.8 |
| 2023-11-22 | CVE-2023-5822 | Unrestricted Upload of File with Dangerous Type vulnerability in Codedropz Drag and Drop multiple File Upload - Contact Form 7 The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. | 9.8 |
| 2023-11-18 | CVE-2023-6187 | Unrestricted Upload of File with Dangerous Type vulnerability in Strangerstudios Paid Memberships PRO The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. | 8.8 |