CWE-434

Likelihood of exploit: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
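The definition above is short, so here is an added example (not code from any product listed on this page) of the gate a server-side upload handler should apply before it accepts a file: an extension allowlist rather than a denylist, single-extension names only (which refuses `shell.php.png`, `.htaccess` and NUL-truncated names in one rule), a check that the bytes actually carry the signature of the claimed type, and a server-chosen storage name so the client never controls where or as what the file lands. The function name `validate_upload`, the byte signatures, the size cap and the script-marker list are this example's own assumptions.

```python
"""CWE-434 upload gate (added example): accept only the file types the
application needs, verify the bytes match the claimed type, and store the
file under a name the server chooses."""
import re
import secrets
from dataclasses import dataclass
from typing import Optional

MAX_BYTES = 5 * 1024 * 1024  # assumed limit for this example

# Allowlist: extension -> leading byte signatures the content must match.
# Everything not listed here is refused, so new executable extensions
# (phar, phtml, aspx, jspx, ...) never need to be enumerated.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
CANONICAL_EXT = {"jpeg": "jpg"}

# Heuristic defence in depth against polyglots (valid PNG header followed
# by PHP). The primary controls are the allowlist, the signature check and
# storing outside the web root; this only catches the obvious cases.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<%", b"<script")

_BASE_RE = re.compile(r"[A-Za-z0-9_-]{1,100}")


@dataclass(frozen=True)
class Decision:
    accepted: bool
    reason: str
    stored_name: Optional[str] = None  # server-chosen; never the client's name


def validate_upload(client_name: str, data: bytes) -> Decision:
    # 1. The name must be exactly <base>.<ext> with a safe base. This single
    #    rule refuses traversal (../x.png), NUL truncation (x.png\0.php),
    #    dotfiles (.htaccess) and double extensions (shell.php.png).
    if "/" in client_name or "\\" in client_name or "\x00" in client_name:
        return Decision(False, "path separator or NUL in name")
    parts = client_name.split(".")
    if len(parts) != 2 or not _BASE_RE.fullmatch(parts[0]):
        return Decision(False, "name must be <base>.<ext> with a safe base")
    ext = parts[1].lower()
    if ext not in ALLOWED_TYPES:
        return Decision(False, f"extension .{ext} not in allowlist")

    # 2. Size limit before any content inspection.
    if len(data) > MAX_BYTES:
        return Decision(False, "too large")

    # 3. The bytes must carry the signature of the claimed type; a PHP
    #    script renamed to .png fails here.
    if not any(data.startswith(sig) for sig in ALLOWED_TYPES[ext]):
        return Decision(False, f"content does not look like {ext}")

    # 4. Defence in depth: refuse obvious server-side script payloads
    #    appended to an otherwise valid image.
    if any(marker in data for marker in SCRIPT_MARKERS):
        return Decision(False, "embedded script marker")

    # 5. Store under a random name with the canonical extension. The
    #    caller should write it outside the web root and serve it back
    #    through a handler that sets Content-Type and Content-Disposition.
    ext = CANONICAL_EXT.get(ext, ext)
    return Decision(True, "ok", f"{secrets.token_hex(16)}.{ext}")


if __name__ == "__main__":
    # Constructed inputs for the demo, not real uploads.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
    webshell = b"<?php system($_GET['c']); ?>"
    cases = [
        ("avatar.PNG", png),
        ("shell.php", webshell),
        ("shell.php.png", png),
        (".htaccess", b"AddType application/x-httpd-php .png\n"),
        ("../../webroot/x.png", png),
        ("x.png\x00.php", png),
        ("pic.png", webshell),
        ("polyglot.png", png + webshell),
    ]
    for name, data in cases:
        d = validate_upload(name, data)
        verdict = "ACCEPT" if d.accepted else "REJECT"
        print(f"{name!r:24} -> {verdict}: {d.reason}")
```

Rejecting every multi-dot name is deliberate: on servers where the handler is chosen from any extension in the name rather than the last one, `shell.php.png` is still executed as PHP, so an allowlist on the last extension alone is not enough. Re-encoding accepted images through an image library and serving uploads from a host or path with script execution disabled are the two further controls this gate does not replace.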

4,132 vulnerabilities with CWE-434

CVE             Severity    CVSS  Product and issue
CVE-2020-26828  MEDIUM      6.4   SAP Disclosure Management <10.1 - Code Injection
CVE-2020-26826  MEDIUM      6.5   SAP NetWeaver AS JAVA <7.51 - Unrestricted File Upload
CVE-2020-23520  HIGH        7.2   imcat 5.2 - Authenticated Remote Code Execution via Picture Upload
CVE-2020-26255  MEDIUM      6.8   Kirby CMS <3.4.5 & Kirby Panel <2.5.14 - RCE
CVE-2020-29597  CRITICAL    9.8   IncomCMS 2.0 - Unauthenticated Unrestricted File Upload via modules/uploader/showcase/script.php
CVE-2020-28939  HIGH        7.2   OpenClinic 0.8.2 - Authenticated Arbitrary File Upload via medical/test_new.php
CVE-2020-29441  HIGH        7.2   OutSystems Platform <10.0.1019.0 - Unauthenticated File Upload
CVE-2020-25537  CRITICAL    9.8   UCMS 1.5.0 - Unrestricted Upload of File with Dangerous Type
CVE-2020-13671  HIGH (KEV)  8.8   Drupal Core < 7.74, 8.8.11, 8.9.9, 9.0.8 - Unrestricted Upload of File with Dangerous Type
CVE-2020-7569   HIGH        8.8   EcoStruxure Building Operation WebReports 1.9-3.1 - Authenticated Remote Code Execution via Unrestricted File Upload
CVE-2020-25406  HIGH        7.3   lemocms 1.8.0-1.8.6 - Unrestricted Upload of Executable Files
CVE-2020-28130  CRITICAL    9.8   Online Library Management System 1.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Image Upload
CVE-2020-26553  CRITICAL    9.8   Aviatrix Controller <R6.0.2483 - Code Injection
CVE-2020-28136  HIGH        8.8   Tourism Management System 1.0 - Unauthenticated Arbitrary File Upload via Admin Create Package
CVE-2020-28140  CRITICAL    9.8   SourceCodester Online Clothing Store 1.0 - Arbitrary File Upload via Products.php Image Upload
CVE-2020-28688  HIGH        8.8   Artworks Gallery 1.0 - Unauthenticated Arbitrary File Upload via Add Artwork
CVE-2020-28687  HIGH        8.8   Artworks Gallery 1.0 - Unauthenticated Arbitrary File Upload via Edit Profile
CVE-2020-28693  HIGH        8.8   HorizontCMS 1.0.0-beta - Authenticated Unrestricted File Upload via Theme Zip Import
CVE-2020-28692  HIGH        7.2   Gila CMS 1.16.0 - Unrestricted File Upload and Remote Code Execution via .htaccess Abuse
CVE-2020-13774  CRITICAL    9.9   Ivanti Endpoint Manager 2019.1 and 2020.1 - Authenticated Remote Code Execution via ASPX File Upload
CVE-2020-27386  HIGH        8.8   FlexDotnetCMS < 1.5.9 - Authenticated Arbitrary File Upload via FileManager and Rename Bypass
CVE-2020-26804  HIGH        8.8   Sentrifugo 3.2 - Unrestricted File Upload
CVE-2020-26803  HIGH        8.8   Sentrifugo 3.2 - Unrestricted File Upload
CVE-2020-26820  HIGH        7.2   SAP NetWeaver AS JAVA 7.20-7.50 - Privilege Escalation
CVE-2020-23138  CRITICAL    9.8   Microweber 1.1.18 - Unauthenticated Unrestricted File Upload via Admin Account Page