CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,019 vulnerabilities with CWE-434
CVE-2020-4703 HIGH
IBM Spectrum Protect Plus < 10.1.6 - Unrestricted File Upload
CVSS 8.0
CVE-2020-10228 HIGH
Vtenext - Unrestricted File Upload
CVSS 8.8
CVE-2020-25287 HIGH
Pligg - Unrestricted File Upload
CVSS 7.2
CVE-2020-25213 CRITICAL KEV
WordPress File Manager Unauthenticated Remote Code Execution
CVSS 10.0
CVE-2020-24199 CRITICAL
Project Worlds Car Rental Management System <1.0 - RCE
CVSS 9.8
CVE-2020-24195 CRITICAL
Sourcecodester Online Bike Rental v1.0 - Authenticated RCE
CVSS 9.1
CVE-2020-6288 MEDIUM
SAP Business Objects - Unrestricted File Upload
CVSS 5.3
CVE-2020-24986 HIGH
Concretecms Concrete Cms < 8.5.2 - Unrestricted File Upload
CVSS 7.2
CVE-2020-14008 HIGH
Zohocorp Manageengine Applications Manager - Unrestricted File Upload
CVSS 7.2
CVE-2020-25042 HIGH
Maracms - Unrestricted File Upload
CVSS 7.2
CVE-2020-24948 HIGH
Autoptimize < 2.7.7 - Unrestricted File Upload
CVSS 7.2
CVE-2020-14209 HIGH
Dolibarr < 11.0.5 - Unrestricted File Upload
CVSS 8.8
CVE-2020-23829 HIGH
LibreHealth EHR <2.0.0 - Authenticated RCE
CVSS 8.8
CVE-2020-24203 CRITICAL
Projects World Travel Management System v1.0 - RCE
CVSS 9.8
CVE-2020-24202 CRITICAL
Projects World House Rental v1.0 - RCE
CVSS 9.8
CVE-2020-24196 HIGH
Online Bike Rental v1.0 - Authenticated RCE
CVSS 7.2
CVE-2020-23972 HIGH
Joomla Component GMapFP <J3.5/J3.5free - Info Disclosure
CVSS 7.5
CVE-2020-15645 HIGH
Marvell Qconvergeconsole < 5.5.00.73 - Unrestricted File Upload
CVSS 8.8
CVE-2020-24186 CRITICAL
gVectors wpDiscuz <7.0.4 - RCE
CVSS 10.0
CVE-2020-22722 HIGH
Rapid Software LLC Rapid SCADA 5.8.0 - Privilege Escalation
CVSS 7.8
CVE-2020-22721 HIGH
PNotes.NET <3.8.1.2 - RCE
CVSS 7.8
CVE-2020-17462 HIGH
CMS Made Simple <2.2.14 - Auth Bypass
CVSS 7.8
CVE-2020-7302 MEDIUM
Mcafee Data Loss Prevention < 11.3.28 - Unrestricted File Upload
CVSS 5.4
CVE-2020-6293 MEDIUM
SAP NetWeaver - Unrestricted File Upload
CVSS 6.5
CVE-2020-15649 MEDIUM
Mozilla Firefox Esr < 68.11 - Unrestricted File Upload
CVSS 5.5
Details
Vulnerabilities 4,019
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits