CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2020-7864 HIGH
Raonwiz DEXT5Editor <3.5.1405747.1100.03 - Command Injection
CVSS 7.8
CVE-2020-36141 HIGH
BloofoxCMS 0.5.2.1 - Unrestricted File Upload via MIME Type Validation Bypass
CVSS 8.8
CVE-2020-21005 MEDIUM
WellCMS 2.0 beta3 - Authenticated Unrestricted File Upload
CVSS 6.5
CVE-2020-35442 CRITICAL
FDCMS 4.0 - Unrestricted File Upload via FindexAction.class.php
CVSS 9.8
CVE-2020-26678 HIGH
vFairs 3.3 - Authenticated Remote Code Execution via Profile Picture Upload
CVSS 8.8
CVE-2020-23765 HIGH
Bludit 3.12.0 - Authenticated Arbitrary File Upload via Backup Plugin
CVSS 7.2
CVE-2020-18166 CRITICAL
laobancms v2.0 - Unrestricted File Upload via admin/wenjian.php
CVSS 9.8
CVE-2020-28063 CRITICAL
ArticleCMS - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2020-20092 CRITICAL
ArticleCMS 1.0 - Unauthenticated Arbitrary File Upload via Image Upload Feature
CVSS 9.8
CVE-2020-23790 CRITICAL
Golo Laravel Theme 1.1.5 - Arbitrary File Upload
CVSS 9.8
CVE-2020-19113 CRITICAL
Online Book Store v1.0 - Unrestricted File Upload via admin_add.php
CVSS 9.8
CVE-2020-23083 CRITICAL
JEECG < 4.0 - Unauthenticated Unrestricted File Upload via jeecgFormDemoController
CVSS 9.8
CVE-2020-21452 CRITICAL
Uniview ISC2500-S Firmware - Unrestricted Upload of File with Dangerous Type via EC.php
CVSS 9.8
CVE-2020-29592 CRITICAL
Orchard < 1.10 - Unauthenticated Unrestricted Upload of File with Dangerous Type via TinyMCE HTML Editor
CVSS 9.8
CVE-2020-21585 CRITICAL
emlog 6.0.0 - Unrestricted Upload of File with Dangerous Type via Zip Plugin Module
CVSS 9.8
CVE-2020-28173 HIGH
Simple College Website 1.0 - Remote Code Execution via Image Upload in Admin Settings
CVSS 7.2
CVE-2020-19642 MEDIUM
INSMA Wifi Mini Spy 1080P HD Security IP Camera Firmware - Unauthenticated Remote Code Execution via SD Card ASP File
CVSS 6.2
CVE-2020-29032 HIGH
Secomea GateManager < 9.4.621054022 - Authenticated Code Execution via Firmware Archive Upload
CVSS 8.4
CVE-2020-36079 HIGH
zenphoto <= 1.5.7 - Authenticated Arbitrary File Upload via elFinder Plugin
CVSS 7.2
CVE-2020-7847 HIGH
ipTIME NAS < 1.4.36 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Manage Bulletins
CVSS 7.4
CVE-2020-4955 HIGH
IBM Spectrum Protect Operations Center - Unrestricted File Upload
CVSS 8.0
CVE-2020-28871 CRITICAL
Monitorr 1.7.6m - Unauthenticated Remote Code Execution via Insecure File Upload
CVSS 9.8
CVE-2020-25037 HIGH
UCOPIA Wi-Fi Appliance < 6.0.5 - Authenticated Remote Code Execution via Restricted Command Escape
CVSS 8.2
CVE-2020-20287 CRITICAL
yccms 3.3 - Remote Code Execution via Unrestricted File Upload in xhUp Function
CVSS 9.8
CVE-2020-24549 HIGH
openMAINT <1.1-2.4.2 - Command Injection
CVSS 8.8