CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2020-20735 CRITICAL
LJCMS 4.3.R60321 - Remote Code Execution via File Upload in ljcms/index.php
CVSS 9.8
CVE-2020-20718 CRITICAL
PluckCMS 4.7.10 - Remote Code Execution via Crafted Image File Upload
CVSS 9.8
CVE-2020-20067 HIGH
ebCMS 1.1.0 - Remote Code Execution via File Upload Type Parameter
CVSS 8.8
CVE-2020-36705 CRITICAL
Adning Advertising < 1.5.5 - Unauthenticated Arbitrary File Upload via _ning_upload_image Function
CVSS 9.8
CVE-2020-36701 HIGH
KingComposer < 2.9.3 - Code Injection
CVSS 8.8
CVE-2020-19028 HIGH
emlog 6.0.0 - Unrestricted Upload of File with Dangerous Type via /admin/plugin.php
CVSS 7.5
CVE-2020-22755 HIGH
MCMS 5.0 - Unauthenticated Arbitrary File Upload via Thumbnail
CVSS 8.8
CVE-2020-19802 CRITICAL
DoyoCMS 2.3 - Unrestricted Upload of File with Dangerous Type via Upload File Type Parameter
CVSS 9.8
CVE-2020-19786 HIGH
CSKaza CSZ CMS 1.2.2 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2020-20588 HIGH
ibarn 1.5 - Remote Code Execution via Avatar Upload
CVSS 8.8
CVE-2020-23591 CRITICAL
OPTILINK OP-XT71000N V2.2 - File Upload
CVSS 9.8
CVE-2020-8974 CRITICAL
ZGR TPS200 NG Firmware 2.00 - Unrestricted Firmware Upload via Web Interface
CVSS 10.0
CVE-2020-21516 CRITICAL
FeehiCMS < 2.0.8.1 - Arbitrary File Upload via Head Image Upload
CVSS 9.8
CVE-2020-19228 HIGH
Bludit 3.13.0 - Unrestricted Upload of File with Dangerous Type via Backup Plugin
CVSS 7.2
CVE-2020-28062 HIGH
HisiPHP 2.0.11 - Unauthenticated Arbitrary File Upload via Plugin Directory
CVSS 7.2
CVE-2020-26008 HIGH
ShopXO 1.9.0 - Arbitrary File Upload via PluginsUpload Function
CVSS 7.8
CVE-2020-26007 HIGH
ShopXO 1.9.0 - Unauthenticated Arbitrary File Upload via Payment Plugin
CVSS 7.8
CVE-2020-13675 CRITICAL
Drupal 8.0.0-8.9.18 - Improper Access Control in JSON:API and REST/File Modules
CVSS 9.8
CVE-2020-29176 HIGH
Z-BlogPHP 1.6.1.2100 - Arbitrary File Upload via Crafted JPG File
CVSS 7.8
CVE-2020-23572 HIGH
BEESCMS v4.0 - Arbitrary File Upload via /admin/upload.php
CVSS 8.8
CVE-2020-18261 CRITICAL
ED01-CMS v1.0 - Arbitrary File Upload via Image Upload Function
CVSS 9.8
CVE-2020-36485 HIGH
Portable Ltd Playable 9.18 - Arbitrary File Upload via Filename Parameter
CVSS 7.8
CVE-2020-23043 HIGH
Tran Tu Air Sender v1.0.2 - Code Injection
CVSS 8.8
CVE-2020-20691 MEDIUM
Monstra CMS 3.0.4 - Unrestricted Upload of File with Dangerous Type via File Extension Filter Bypass
CVSS 6.5
CVE-2020-21483 HIGH
jizhicms 1.5 - Arbitrary File Upload via Crafted JPG to PHP Rename
CVSS 7.2