Vulnerabilities > Unrestricted Upload of File with Dangerous Type

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-01-10 | CVE-2020-26629 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPgurukul Hospital Management System 4.0 | A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. | network; low complexity; phpgurukul CWE-434; critical 9.8 |
| 2024-01-08 | CVE-2023-50982 | Unrestricted Upload of File with Dangerous Type vulnerability in Studip Stud.Ip | Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. | network; low complexity; studip CWE-434; critical 9.0 |
| 2024-01-08 | CVE-2023-5957 | Unrestricted Upload of File with Dangerous Type vulnerability in Naziinfotech NI Purchase Order(Po) for Woocommerce 1.2.1 | The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing a high-privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell. | network; low complexity; naziinfotech CWE-434; 7.2 |
| 2024-01-08 | CVE-2023-6140 | Unrestricted Upload of File with Dangerous Type vulnerability in G5Plus Essential Real Estate | The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution. | network; low complexity; g5plus CWE-434; 8.8 |
| 2024-01-04 | CVE-2023-6551 | Unrestricted Upload of File with Dangerous Type vulnerability in Verot Class.Upload.PHP | As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. | network; low complexity; verot CWE-434; 5.4 |
| 2024-01-03 | CVE-2023-50922 | Unrestricted Upload of File with Dangerous Type vulnerability in Gl-Inet products | An issue was discovered on GL.iNet devices through 4.5.0. | network; low complexity; gl-inet CWE-434; 7.2 |
| 2024-01-03 | CVE-2023-45724 | Unrestricted Upload of File with Dangerous Type vulnerability in Hcltech Dryice Myxalytics 5.9/6.0/6.1 | HCL DRYiCE MyXalytics product is impacted by an unauthenticated file upload vulnerability. | network; low complexity; hcltech CWE-434; critical 9.8 |
| 2024-01-02 | CVE-2024-0185 | Unrestricted Upload of File with Dangerous Type vulnerability in NIA RRJ Nueva Ecija Engineer Online Portal 1.0 | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. | network; low complexity; nia CWE-434; 8.8 |
| 2023-12-29 | CVE-2023-51419 | Unrestricted Upload of File with Dangerous Type vulnerability in Bertha AI | Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. | network; low complexity; bertha CWE-434; critical 9.8 |
| 2023-12-29 | CVE-2023-50104 | Unrestricted Upload of File with Dangerous Type vulnerability in Zzcms 2023 | ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. | network; low complexity; zzcms CWE-434; critical 9.8 |