Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-03-23 | CVE-2020-19786 | Unrestricted Upload of File with Dangerous Type vulnerability in Cszcms CSZ CMS 1.2.2 | File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows an attacker to execute arbitrary commands and code via a crafted PHP file. | 8.8 |
2023-03-23 | CVE-2023-25655 | Unrestricted Upload of File with Dangerous Type vulnerability in Basercms | baserCMS is a Content Management system. | 9.8 |
2023-03-22 | CVE-2023-28725 | Unrestricted Upload of File with Dangerous Type vulnerability in Generalbytes Crypto Application Server 20230120 | General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. | 9.1 |
2023-03-15 | CVE-2023-28337 | Unrestricted Upload of File with Dangerous Type vulnerability in Netgear Rax30 Firmware | When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. | 8.8 |
2023-03-15 | CVE-2023-27235 | Unrestricted Upload of File with Dangerous Type vulnerability in Jizhicms 2.4.5 | An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. | 7.2 |
2023-03-15 | CVE-2023-27757 | Unrestricted Upload of File with Dangerous Type vulnerability in Perfree Perfreeblog 3.1.1 | An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file. | 9.8 |
2023-03-14 | CVE-2023-26262 | Unrestricted Upload of File with Dangerous Type vulnerability in Sitecore Experience Manager and Experience Platform | An issue was discovered in Sitecore XP/XM 10.3. | 7.2 |
2023-03-13 | CVE-2023-0477 | Unrestricted Upload of File with Dangerous Type vulnerability in Cm-Wp Auto Featured Image | The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP files. | 8.8 |
2023-03-10 | CVE-2023-23328 | Unrestricted Upload of File with Dangerous Type vulnerability in Avantfax 3.3.7 | A File Upload vulnerability exists in AvantFAX 3.3.7. | 8.8 |
2023-03-10 | CVE-2023-27164 | Unrestricted Upload of File with Dangerous Type vulnerability in Halo | An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. | 4.8 |