Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-04 | CVE-2024-37868 | Unrestricted Upload of File with Dangerous Type vulnerability in Emiloimagtolis Online Discussion Forum 1.0 File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$- FILES" variable. | 8.8 |
| 2024-10-04 | CVE-2024-37869 | Unrestricted Upload of File with Dangerous Type vulnerability in Emiloimagtolis Online Discussion Forum 1.0 File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$- FILES" variable | 8.8 |
| 2024-10-04 | CVE-2024-47655 | Unrestricted Upload of File with Dangerous Type vulnerability in Shilpisoft Client Dashboard This vulnerability exists in the Shilpi Client Dashboard due to improper validation of files being uploaded other than the specified extension. | 8.8 |
| 2024-10-02 | CVE-2024-7855 | The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. | 8.8 |
| 2024-10-01 | CVE-2024-9108 | The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convert_remoteimage_to_local' function in versions up to, and including, 1.3.0. | 9.8 |
| 2024-09-27 | CVE-2024-9280 | Unrestricted Upload of File with Dangerous Type vulnerability in Kvf-Admin Project Kvf-Admin 20220212 A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. | 9.8 |
| 2024-09-26 | CVE-2024-8126 | Unrestricted Upload of File with Dangerous Type vulnerability in Advancedfilemanager Advanced File Manager The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. | 8.8 |
| 2024-09-26 | CVE-2024-8725 | Unrestricted Upload of File with Dangerous Type vulnerability in Advancedfilemanager Advanced File Manager Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. | 5.4 |
| 2024-09-26 | CVE-2024-7772 | Unrestricted Upload of File with Dangerous Type vulnerability in Artbees Jupiter X Core The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. | 9.8 |
| 2024-09-25 | CVE-2024-8940 | Unrestricted Upload of File with Dangerous Type vulnerability in Scriptcase 9.4.019 Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. | 9.8 |