Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-01 | CVE-2023-1720 | Unrestricted Upload of File with Dangerous Type vulnerability in Bitrix24 22.0.300 Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile. | 8.0 |
| 2023-10-31 | CVE-2023-5360 | Unrestricted Upload of File with Dangerous Type vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE. | 9.8 |
| 2023-10-27 | CVE-2023-46815 | Unrestricted Upload of File with Dangerous Type vulnerability in Sugarcrm An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. | 8.8 |
| 2023-10-26 | CVE-2023-5795 | Unrestricted Upload of File with Dangerous Type vulnerability in Martmbithi POS System 1 A vulnerability was found in CodeAstro POS System 1.0. | 8.8 |
| 2023-10-26 | CVE-2023-5796 | Unrestricted Upload of File with Dangerous Type vulnerability in Martmbithi POS System 1 A vulnerability was found in CodeAstro POS System 1.0. | 8.8 |
| 2023-10-26 | CVE-2023-5790 | Unrestricted Upload of File with Dangerous Type vulnerability in Remyandrade File Manager APP 1.0 A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. | 9.8 |
| 2023-10-25 | CVE-2023-26578 | Unrestricted Upload of File with Dangerous Type vulnerability in Idattend Idweb 3.1.013 Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server. | 8.8 |
| 2023-10-25 | CVE-2023-45554 | Unrestricted Upload of File with Dangerous Type vulnerability in Zzzcms 2.1.9 File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp. | 9.8 |
| 2023-10-25 | CVE-2023-45555 | Unrestricted Upload of File with Dangerous Type vulnerability in Zzzcms 2.1.9 File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. | 7.8 |
| 2023-10-20 | CVE-2020-36706 | Unrestricted Upload of File with Dangerous Type vulnerability in Simple-Press Simple:Press The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. | 9.8 |