CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,019 vulnerabilities with CWE-434
CVE-2020-7569 HIGH
Schneider-electric Webreports < 3.1 - Unrestricted File Upload
CVSS 8.8
CVE-2020-25406 HIGH
Lemocms < 1.8.7 - Unrestricted File Upload
CVSS 7.3
CVE-2020-28130 CRITICAL
Online Library Management System - Unrestricted File Upload
CVSS 9.8
CVE-2020-26553 CRITICAL
Aviatrix Controller <R6.0.2483 - Code Injection
CVSS 9.8
CVE-2020-28136 HIGH
Phpgurukul Tourism Management System - Unrestricted File Upload
CVSS 8.8
CVE-2020-28140 CRITICAL
Online Clothing Store - Unrestricted File Upload
CVSS 9.8
CVE-2020-28688 HIGH
Artworks Gallery IN Php, Css, Javascr... - Unrestricted File Upload
CVSS 8.8
CVE-2020-28687 HIGH
Artworks Gallery IN Php, Css, Javascr... - Unrestricted File Upload
CVSS 8.8
CVE-2020-28693 HIGH
Horizontcms - Unrestricted File Upload
CVSS 8.8
CVE-2020-28692 HIGH
Gilacms Gila Cms - Unrestricted File Upload
CVSS 7.2
CVE-2020-13774 CRITICAL
Ivanti Endpoint Manager - Unrestricted File Upload
CVSS 9.9
CVE-2020-27386 HIGH
FlexDotnetCMS <1.5.9 - RCE
CVSS 8.8
CVE-2020-26804 HIGH
Sentrifugo 3.2 - Unrestricted File Upload
CVSS 8.8
CVE-2020-26803 HIGH
Sentrifugo 3.2 - Unrestricted File Upload
CVSS 8.8
CVE-2020-26820 HIGH
SAP NetWeaver AS JAVA -7.20-7.50 - Privilege Escalation
CVSS 7.2
CVE-2020-23138 CRITICAL
Microweber 1.1.18 - File Upload
CVSS 9.8
CVE-2020-24407 CRITICAL
Magento <2.4.0-2.3.5p1 - RCE
CVSS 9.1
CVE-2020-28328 HIGH
Salesagility Suitecrm < 7.11.17 - Unrestricted File Upload
CVSS 8.8
CVE-2020-27387 HIGH
HorizontCMS <1.0.0-beta - Code Injection
CVSS 8.8
CVE-2020-15277 HIGH
baserCMS <4.4.1 - RCE
CVSS 7.2
CVE-2020-4588 HIGH
IBM I2 Ibase < 8.9.13 - Unrestricted File Upload
CVSS 7.8
CVE-2020-11486 CRITICAL
Intel Bmc Firmware < 3.38.30 - Unrestricted File Upload
CVSS 9.8
CVE-2020-8260 HIGH KEV
Pulse Connect Secure <9.1R9 - Authenticated RCE
CVSS 7.2
CVE-2020-27956 CRITICAL
Car Rental Management System - Unrestricted File Upload
CVSS 9.8
CVE-2020-25483 CRITICAL
Ucms - Unrestricted File Upload
CVSS 9.8