Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-07 | CVE-2023-6574 | Unrestricted Upload of File with Dangerous Type vulnerability in Byzoro Smart S20 Firmware 20231120: A vulnerability was found in Byzoro Smart S20 up to 20231120 and classified as critical. | 8.8 |
2023-12-06 | CVE-2023-39538 | Unrestricted Upload of File with Dangerous Type vulnerability in AMI Aptio V: AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. | 7.8 |
2023-12-06 | CVE-2023-39539 | Unrestricted Upload of File with Dangerous Type vulnerability in AMI Aptio V: AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. | 7.8 |
2023-12-06 | CVE-2023-48930 | Unrestricted Upload of File with Dangerous Type vulnerability in Rockoa Xinhu 2.2.1: xinhu xinhuoa 2.2.1 contains a File upload vulnerability. | 9.8 |
2023-12-04 | CVE-2023-5953 | Unrestricted Upload of File with Dangerous Type vulnerability in Collne Welcart E-Commerce: The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. | 8.8 |
2023-12-04 | CVE-2023-48965 | Unrestricted Upload of File with Dangerous Type vulnerability in Thinkadmin 6.1.53: An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file. | 8.8 |
2023-12-04 | CVE-2023-48966 | Unrestricted Upload of File with Dangerous Type vulnerability in Thinkadmin 6.1.53: An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file. | 8.8 |
2023-12-01 | CVE-2023-5636 | Unrestricted Upload of File with Dangerous Type vulnerability in Arslansoft Education Portal Project Arslansoft Education Portal: Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection. This issue affects Education Portal: before v1.1. | 9.8 |
2023-12-01 | CVE-2023-5637 | Unrestricted Upload of File with Dangerous Type vulnerability in Arslansoft Education Portal Project Arslansoft Education Portal: Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable. This issue affects Education Portal: before v1.1. | 7.5 |
2023-12-01 | CVE-2023-6449 | Unrestricted Upload of File with Dangerous Type vulnerability in Rocklobster Contact Form 7: The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7_antiscript_file_name' function in versions up to, and including, 5.8.3. | 7.2 |