Vulnerabilities > Unrestricted Upload of File with Dangerous Type

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-12-06 | CVE-2023-48930 | Unrestricted Upload of File with Dangerous Type vulnerability in Rockoa Xinhu 2.2.1 | xinhu xinhuoa 2.2.1 contains a file upload vulnerability. | network | low complexity | rockoa | CWE-434 | critical 9.8 |
| 2023-12-04 | CVE-2023-5953 | Unrestricted Upload of File with Dangerous Type vulnerability in Welcart E-Commerce | The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, and does not have authorisation and CSRF checks in the AJAX action handling such uploads. | network | low complexity | welcart | CWE-434 | 8.8 |
| 2023-12-04 | CVE-2023-48965 | Unrestricted Upload of File with Dangerous Type vulnerability in Thinkadmin 6.1.53 | An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to get a shell by providing a crafted URL to download a malicious PHP file. | network | low complexity | thinkadmin | CWE-434 | 8.8 |
| 2023-12-04 | CVE-2023-48966 | Unrestricted Upload of File with Dangerous Type vulnerability in Thinkadmin 6.1.53 | An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file. | network | low complexity | thinkadmin | CWE-434 | 8.8 |
| 2023-12-01 | CVE-2023-6449 | Unrestricted Upload of File with Dangerous Type vulnerability in Rocklobster Contact Form 7 | The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting in the 'wpcf7_antiscript_file_name' function in versions up to, and including, 5.8.3. | network | low complexity | rocklobster | CWE-434 | 7.2 |
| 2023-11-30 | CVE-2023-49052 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 2.0.4 | File upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component. | network | low complexity | microweber | CWE-434 | 8.8 |
| 2023-11-28 | CVE-2023-4220 | Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo LMS | Unrestricted file upload in the big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution by uploading a web shell. | network | low complexity | chamilo | CWE-434 | 6.1 |
| 2023-11-28 | CVE-2023-4223 | Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo LMS | Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with the learner role to obtain remote code execution by uploading PHP files. | network | low complexity | chamilo | CWE-434 | 8.8 |
| 2023-11-28 | CVE-2023-4224 | Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo LMS | Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with the learner role to obtain remote code execution by uploading PHP files. | network | low complexity | chamilo | CWE-434 | 8.8 |
| 2023-11-28 | CVE-2023-4225 | Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo LMS | Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with the learner role to obtain remote code execution by uploading PHP files. | network | low complexity | chamilo | CWE-434 | 8.8 |