CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,132 vulnerabilities with CWE-434
CVE-2020-20287
CRITICAL
yccms 3.3 - Remote Code Execution via Unrestricted File Upload in xhUp Function
CVSS 9.8
CVE-2020-24549
HIGH
openMAINT <1.1-2.4.2 - Command Injection
CVSS 8.8
CVE-2020-22643
HIGH
Feehi CMS 2.1.0 - Authenticated Arbitrary File Upload via Administrator Image Upload
CVSS 7.2
CVE-2020-26295
HIGH
OpenMage <19.4.10, <20.0.5 - Code Injection
CVSS 8.7
CVE-2020-26285
HIGH
OpenMage < 19.4.10 - Authenticated Remote Code Execution via Data Import/Export
CVSS 8.7
CVE-2020-26252
HIGH
OpenMage < 19.4.10 - Authenticated Remote Code Execution via Product Data Update
CVSS 8.7
CVE-2020-19364
HIGH
OpenEMR 5.0.1 - Authenticated Unrestricted Upload of File with Dangerous Type via controller.php
CVSS 8.8
CVE-2020-29450
MEDIUM
Atlassian Confluence Server and Data Center < 7.2.0 - Denial of Service via Avatar Upload Feature
CVSS 6.5
CVE-2020-36167
CRITICAL
Veritas Backup Exec 20.0-20.0.1188.2734 - Unauthenticated Arbitrary Code Execution via OpenSSL Configuration File
CVSS 9.3
CVE-2020-4928
MEDIUM
IBM Cloud Pak System 2.3.0.0-2.3.3.2 - Arbitrary File Upload via File Extension Manipulation
CVSS 6.7
CVE-2020-35949
CRITICAL
Quiz and Survey Master < 7.0.1 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Content-Type Bypass
CVSS 10.0
CVE-2020-35945
CRITICAL
Divi, Divi Builder, and Extra < 4.5.3 - Authenticated Arbitrary File Upload via Client-Side Extension Check Bypass
CVSS 9.9
CVE-2020-35797
CRITICAL
NETGEAR NMS300 Firmware < 1.6.0.27 - Unauthenticated Command Injection
CVSS 9.8
CVE-2020-26286
HIGH
HedgeDoc <1.7.1 - Unauthenticated File Upload
CVSS 7.5
CVE-2020-35627
HIGH
Ultimate WooCommerce Gift Cards 3.0.2 - Remote Code Execution via Custom GiftCard Template File Upload
CVSS 8.8
CVE-2020-27397
HIGH
Marital - Online Matrimonial Project In PHP <1.0 - Authenticated RCE
CVSS 8.8
CVE-2020-35657
HIGH
Jaws < 1.8.0 - Authenticated Remote Code Execution via Theme Upload
CVSS 7.2
CVE-2020-35656
HIGH
Jaws < 1.8.0 - Authenticated Remote Code Execution via File Upload
CVSS 7.2
CVE-2020-29447
MEDIUM
Atlassian Crucible <4.7.4, >4.8.0-4.8.5 - DoS
CVSS 4.3
CVE-2020-26174
HIGH
tangro Business Workflow < 1.18.1 - Unrestricted File Upload via Client-Side Bypass
CVSS 8.8
CVE-2020-35489
CRITICAL
Contact Form 7 < 5.3.2 - Unrestricted File Upload and Remote Code Execution via Filename Special Characters
CVSS 10.0
CVE-2020-25010
CRITICAL
Kyland KPS2204 R0002.P05 - Remote Code Execution via File Upload
CVSS 9.8
CVE-2020-35133
HIGH
IrfanView 4.56 - Out-of-Bounds Write via PCX File Parsing
CVSS 7.5
CVE-2020-29607
HIGH
Pluck CMS < 4.7.13 - Authenticated Remote Code Execution via File Upload Restriction Bypass
CVSS 7.2
CVE-2020-28072
HIGH
Alumni Management System 1.0 - Authenticated Remote Code Execution via Gallery File Upload
CVSS 7.2