Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2023-11-02 CVE-2023-42802 Unrestricted Upload of File with Dangerous Type vulnerability in Glpi-Project Glpi 10.0.7/10.0.9
GLPI is a free asset and IT management software package.
network | low complexity | glpi-project | CWE-434 | critical 9.8

2023-11-02 CVE-2023-5860 Unrestricted Upload of File with Dangerous Type vulnerability in Bplugins Icons Font Loader 1.0/1.1.2
The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2.
network | low complexity | bplugins | CWE-434 | 7.2

2023-11-01 CVE-2023-46428 Unrestricted Upload of File with Dangerous Type vulnerability in Hadsky 7.12.10
An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file.
network | low complexity | hadsky | CWE-434 | 8.8

2023-11-01 CVE-2023-20196 Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Identity Services Engine
Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device.
network | low complexity | cisco | CWE-434 | 7.2

2023-11-01 CVE-2023-20195 Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Identity Services Engine
Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device.
network | low complexity | cisco | CWE-434 | 7.2

2023-11-01 CVE-2023-1713 Unrestricted Upload of File with Dangerous Type vulnerability in Bitrix24 22.0.300
Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file.
network | low complexity | bitrix24 | CWE-434 | 8.8

2023-11-01 CVE-2023-1720 Unrestricted Upload of File with Dangerous Type vulnerability in Bitrix24 22.0.300
Lack of a MIME type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile.
network | low complexity | bitrix24 | CWE-434 | 8.0

2023-10-31 CVE-2023-5360 Unrestricted Upload of File with Dangerous Type vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP, and achieve RCE.
network | low complexity | royal-elementor-addons | CWE-434 | critical 9.8

2023-10-27 CVE-2023-46815 Unrestricted Upload of File with Dangerous Type vulnerability in Sugarcrm
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2.
network | low complexity | sugarcrm | CWE-434 | 8.8

2023-10-26 CVE-2023-5795 Unrestricted Upload of File with Dangerous Type vulnerability in Martmbithi POS System 1
A vulnerability was found in CodeAstro POS System 1.0.
network | low complexity | martmbithi | CWE-434 | 8.8