CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2020-21481 HIGH
RGCMS 1.06 - Unauthenticated Arbitrary File Upload via .txt to .php Extension Change
CVSS 7.2
CVE-2020-21322 CRITICAL
Feehi CMS < 2.0.8 - Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2020-20672 HIGH
KiteCMS V1.1 - Arbitrary File Upload via Admin Upload Endpoint
CVSS 7.8
CVE-2020-20670 HIGH
ZKEACMS V3.2.0 - Arbitrary File Upload via Media Upload Endpoint
CVSS 8.8
CVE-2020-19267 CRITICAL
Dswjcms 1.6.4 - Unrestricted Upload of File with Dangerous Type via Resources Endpoint
CVSS 9.8
CVE-2020-19138 CRITICAL
dotcms < 5.2.3 - Remote Code Execution via Unrestricted File Upload in CMSFilter
CVSS 9.8
CVE-2020-18114 CRITICAL
DedeCMS V5.7SP2 - Arbitrary File Upload via /uploads/dede Component
CVSS 9.8
CVE-2020-27461 HIGH
SEOPanel 4.6.0 - Authenticated Remote Code Execution via Import Website File Upload
CVSS 8.8
CVE-2020-18886 HIGH
PHPMyWind v5.6 - Unrestricted File Upload via admin/upload_file_do.php
CVSS 7.2
CVE-2020-18879 CRITICAL
Bludit 3.8.1 - Unauthenticated Arbitrary File Upload via Logo Upload Endpoint
CVSS 9.8
CVE-2020-18704 CRITICAL
Django-Widgy < 0.9.0 - Unauthenticated Arbitrary File Upload via Image Widget
CVSS 9.8
CVE-2020-18462 HIGH
aikcms 2.0.0 - Unrestricted File Upload via poster_edit.php
CVSS 7.2
CVE-2020-20979 CRITICAL
LJCMS 4.3 - Arbitrary File Upload via move_uploaded_file()
CVSS 9.8
CVE-2020-28165 CRITICAL
EasyCorp ZenTao < 12.4.2 - Arbitrary File Upload via downloadZipPackage()
CVSS 9.8
CVE-2020-21359 CRITICAL
Maccms - Unauthenticated Arbitrary File Upload via Template Upload Suffix Bypass
CVSS 9.8
CVE-2020-21976 HIGH
NewsOne CMS 1.1.0 - Arbitrary File Upload via User Image Input
CVSS 8.8
CVE-2020-28088 CRITICAL
jeecg-boot 2.3 - Unauthenticated Arbitrary File Upload via /sys/common/upload
CVSS 9.8
CVE-2020-19303 HIGH
hdcms 5.7 - Unrestricted Upload of File with Dangerous Type via /fileupload.php
CVSS 7.8
CVE-2020-19302 CRITICAL
vaeThink 1.0.1 - Arbitrary File Upload via Avatar Suffix Manipulation
CVSS 9.8
CVE-2020-22249 CRITICAL
phplist 3.5.1 - Remote Code Execution via Malicious Plugin Upload
CVSS 9.8
CVE-2020-21786 CRITICAL
IBOS 4.5.4 Open - Arbitrary File Inclusion via CronController.php
CVSS 9.8
CVE-2020-21787 CRITICAL
CRMEB 3.1.0+ - Unrestricted Upload of File with Dangerous Type via UploadService.php
CVSS 9.8
CVE-2020-19510 CRITICAL
Textpattern 4.7.3 - Arbitrary File Upload via file_insert Function
CVSS 9.8
CVE-2020-36388 HIGH
CiviCRM < 5.21.3 and 5.22.x-5.24.x < 5.24.3 - Unauthenticated Remote Code Execution via PHAR Archive Upload
CVSS 8.8
CVE-2020-35760 CRITICAL
bloofoxcms 0.5.2.1 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8