CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,019 vulnerabilities with CWE-434
CVE-2020-4928 MEDIUM
IBM Cloud Pak System < 2.3.3.3 - Unrestricted File Upload
CVSS 6.7
CVE-2020-35949 CRITICAL
Expresstech Quiz And Survey Master < 7.0.1 - Unrestricted File Upload
CVSS 10.0
CVE-2020-35945 CRITICAL
Elegantthemes Divi < 4.5.3 - Unrestricted File Upload
CVSS 9.9
CVE-2020-35797 CRITICAL
Netgear Nms300 Firmware < 1.6.0.27 - Unrestricted File Upload
CVSS 9.8
CVE-2020-26286 HIGH
HedgeDoc <1.7.1 - Unauthenticated File Upload
CVSS 7.5
CVE-2020-35627 HIGH
Woocommerce Gift Cards - Unrestricted File Upload
CVSS 8.8
CVE-2020-27397 HIGH
Marital - Online Matrimonial Project In PHP <1.0 - Authenticated RCE
CVSS 8.8
CVE-2020-35657 HIGH
Jaws < 1.8.0 - Unrestricted File Upload
CVSS 7.2
CVE-2020-35656 HIGH
Jaws < 1.8.0 - Unrestricted File Upload
CVSS 7.2
CVE-2020-29447 MEDIUM
Atlassian Crucible <4.7.4, >4.8.0-4.8.5 - DoS
CVSS 4.3
CVE-2020-26174 HIGH
Tangro Business Workflow < 1.18.1 - Unrestricted File Upload
CVSS 8.8
CVE-2020-35489 CRITICAL
Rocklobster Contact Form 7 < 5.3.2 - Unrestricted File Upload
CVSS 10.0
CVE-2020-25010 CRITICAL
Kyland Kps2204 6 Port Managed Din-rai... - Unrestricted File Upload
CVSS 9.8
CVE-2020-35133 HIGH
IrfanView 4.56 - Buffer Overflow
CVSS 7.5
CVE-2020-29607 HIGH
Pluck CMS <4.7.13 - RCE
CVSS 7.2
CVE-2020-28072 HIGH
Alumni Management System - Unrestricted File Upload
CVSS 7.2
CVE-2020-26828 MEDIUM
SAP Disclosure Management <10.1 - Code Injection
CVSS 6.4
CVE-2020-26826 MEDIUM
SAP NetWeaver AS JAVA <7.51 - Unrestricted File Upload
CVSS 6.5
CVE-2020-23520 HIGH
imcat 5.2 - RCE
CVSS 7.2
CVE-2020-26255 MEDIUM
Kirby CMS <3.4.5 & Kirby Panel <2.5.14 - RCE
CVSS 6.8
CVE-2020-29597 CRITICAL
IncomCMS 2.0 - File Upload
CVSS 9.8
CVE-2020-28939 HIGH
Openclinic - Unrestricted File Upload
CVSS 7.2
CVE-2020-29441 HIGH
OutSystems Platform <10.0.1019.0 - Unauthenticated File Upload
CVSS 7.2
CVE-2020-25537 CRITICAL
Ucms - Unrestricted File Upload
CVSS 9.8
CVE-2020-13671 HIGH KEV
Drupal < 7.74 - Unrestricted File Upload
CVSS 8.8