Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-30 | CVE-2023-5965 | Unrestricted Upload of File with Dangerous Type vulnerability in Espocrm An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution. | 7.2 |
| 2023-11-30 | CVE-2023-49052 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 2.0.4 File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component. | 8.8 |
| 2023-11-28 | CVE-2023-4220 | Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo LMS Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell. | 6.1 |
| 2023-11-28 | CVE-2023-4223 | Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo LMS Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | 8.8 |
| 2023-11-28 | CVE-2023-4224 | Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo LMS Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | 8.8 |
| 2023-11-28 | CVE-2023-4225 | Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo LMS Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | 8.8 |
| 2023-11-28 | CVE-2023-4226 | Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo LMS Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | 8.8 |
| 2023-11-28 | CVE-2023-6219 | Unrestricted Upload of File with Dangerous Type vulnerability in Reputeinfosystems Bookingpress The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including, 1.0.76. | 7.2 |
| 2023-11-28 | CVE-2023-29770 | Unrestricted Upload of File with Dangerous Type vulnerability in Sapplica Sentrifugo 3.5 In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering. | 8.8 |
| 2023-11-27 | CVE-2023-41998 | Unrestricted Upload of File with Dangerous Type vulnerability in Arcserve UDP Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. | 9.8 |