CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2020-36897 CRITICAL
QiHang Media Web Digital Signage 3.0.9 - RCE
CVSS 9.8
CVE-2020-36882 HIGH
Flexsense DiskBoss 7.7.14 - Unauthenticated Arbitrary File Upload via Search Files Directory Field
CVSS 7.5
CVE-2020-36863 HIGH
Nagios XI < 5.7.2 - Authenticated Remote Code Execution via Audio Import Directory File Upload
CVSS 8.8
CVE-2020-36849 CRITICAL
AIT CSV import/export < 3.0.3 - Unauthenticated Arbitrary File Upload via upload-handler.php
CVSS 9.8
CVE-2020-36847 CRITICAL
Simple-File-List Plugin <4.2.2 - RCE
CVSS 9.8
CVE-2020-36842 HIGH
WPvivid Migration, Backup, Staging < 0.9.35 - Authenticated Arbitrary File Upload via AJAX Actions
CVSS 8.8
CVE-2020-22539 HIGH
Codoforum 4.9 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Add Category Function
CVSS 7.2
CVE-2020-36825 MEDIUM
cyberaz0r WebRAT <20191222 - Unrestricted Upload
CVSS 6.3
CVE-2020-26629 CRITICAL
Hospital Management System V4.0 - Code Injection
CVSS 9.8
CVE-2020-36706 CRITICAL
Simple:Press - WordPress Forum Plugin <6.6.0 - RCE
CVSS 9.8
CVE-2020-18912 CRITICAL
EarCMS Ear App 20181124 - Code Execution via uload/index-uplog.php
CVSS 9.8
CVE-2020-36082 CRITICAL
bloofoxCMS 0.5.2.1 - Remote Code Execution via Webshell File Upload
CVSS 9.8
CVE-2020-23564 HIGH
SEMCMS 3.9 - Remote Code Execution via SEMCMS_Upfile.php
CVSS 7.2
CVE-2020-22159 HIGH
EVERTZ 3080IPX, 7801FC, and 7890IXG Firmware - Authenticated Arbitrary File Upload
CVSS 8.8
CVE-2020-21861 HIGH
DuxCMS 2.1 - Unauthenticated Arbitrary PHP File Upload via AdminUpload Endpoint
CVSS 8.8
CVE-2020-22153 CRITICAL
FUEL-CMS 1.4.6 - Remote Code Execution via Navigation Upload Parameter
CVSS 9.8
CVE-2020-22151 CRITICAL
Fuel-CMS 1.4.6 - Unauthenticated Arbitrary Code Execution via Zip File Upload
CVSS 9.8
CVE-2020-18432 CRITICAL
SEMCMS PHP 3.7 - Privilege Escalation
CVSS 9.8
CVE-2020-20210 HIGH
Bludit 3.9.2 - Remote Code Execution via /admin/ajax/upload-images
CVSS 8.8
CVE-2020-21489 CRITICAL
Feehicms < 2.0.8.1 - Remote Code Execution via Unrestricted File Upload in Admin User Update
CVSS 9.8
CVE-2020-21474 CRITICAL
NucleusCMS 3.71 - Remote Code Execution via Skinfiles Plugin RSD Parameter
CVSS 9.8
CVE-2020-21325 HIGH
wuzhicms 4.1.0 - Remote Code Execution via set_chache Method in common.func.php
CVSS 8.8
CVE-2020-21174 CRITICAL
feehi cms < 2.0.8.1 - Remote Code Execution via Image Suffix Upload
CVSS 9.8
CVE-2020-20969 HIGH
Pluck 4.7.10 - Remote Code Execution via Trashcan Restore Item File Upload
CVSS 7.2
CVE-2020-20919 HIGH
Pluck CMS 4.7.10-dev2 - Unrestricted File Upload via theme.php
CVSS 7.2