CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,132 vulnerabilities with CWE-434
CVE-2020-24407 (CRITICAL, CVSS 9.1): Magento < 2.3.5 and 2.4.0 - Authenticated Arbitrary File Upload via Import Component
CVE-2020-28328 (HIGH, CVSS 8.8): SuiteCRM < 7.11.17 - Remote Code Execution via Log File Name Setting
CVE-2020-27387 (HIGH, CVSS 8.8): HorizontCMS < 1.0.0-beta - Code Injection
CVE-2020-15277 (HIGH, CVSS 7.2): baserCMS < 4.4.1 - Authenticated Remote Code Execution via Edit Template File Upload
CVE-2020-4588 (HIGH, CVSS 7.8): IBM i2 iBase < 8.9.13 - Unrestricted Upload of Executable Files
CVE-2020-11486 (CRITICAL, CVSS 9.8): Intel BMC Firmware < 3.38.30 - Remote Code Execution via Unrestricted File Upload
CVE-2020-8260 (HIGH, CVSS 7.2, KEV): Pulse Connect Secure < 9.1R9 - Authenticated RCE
CVE-2020-27956 (CRITICAL, CVSS 9.8): Car Rental Management System 1.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Image Upload
CVE-2020-25483 (CRITICAL, CVSS 9.8): UCMS v1.4.8 - Remote Code Execution via Unrestricted File Upload
CVE-2020-3436 (HIGH, CVSS 8.6): Cisco ASA & FTD - Unauthenticated DoS via Arbitrary File Upload
CVE-2020-26583 (MEDIUM, CVSS 6.1): Sage DPW 2020_06_x < 2020_06_002 - Unauthenticated Arbitrary File Upload via Expenses Claiming Functionality
CVE-2020-26048 (HIGH, CVSS 8.8): CuppaCMS < 2019-11-12 - Authenticated Remote Code Execution via File Manager Rename Function
CVE-2020-12715 (HIGH, CVSS 8.8): RainbowFish PacsOne Server 6.8.4 - Privilege Escalation
CVE-2020-15488 (HIGH, CVSS 7.5): Re:Desk 2.3 - Unrestricted Upload of File with Dangerous Type
CVE-2020-25763 (CRITICAL, CVSS 9.8): Seat Reservation System 1.0 - Unauthenticated Remote Code Execution via PHP File Upload
CVE-2020-21564 (HIGH, CVSS 8.8): Pluck CMS 4.7.10-dev2 and 4.7.11 - Remote Code Execution via File Upload
CVE-2020-19672 (CRITICAL, CVSS 9.8): Niushop B2B2C Multi-business V1.11 - Unauthenticated Arbitrary File Upload via Parameter Bypass
CVE-2020-25149 (HIGH, CVSS 8.8): Observium 20.8.10631 - Path Traversal and Local File Inclusion via Device Health Metric Parameter
CVE-2020-25145 (HIGH, CVSS 8.8): Observium 20.8.10631 - Path Traversal and Local File Inclusion via Device URI Parameter
CVE-2020-25144 (HIGH, CVSS 8.8): Observium 20.8.10631 - Path Traversal and Local File Inclusion via inc.php Extension
CVE-2020-25136 (HIGH, CVSS 8.8): Observium 20.8.10631 - Path Traversal and Local File Inclusion via Device Routing Tab Parameter
CVE-2020-25134 (HIGH, CVSS 8.8): Observium 20.8.10631 - Path Traversal and Local File Inclusion via Settings URI
CVE-2020-25133 (HIGH, CVSS 8.8): Observium 20.8.10631 - Path Traversal and Local File Inclusion via Ports URI Parameter
CVE-2020-12843 (CRITICAL, CVSS 9.8): is smart gate PRO < 1.5.9 - Code Injection
CVE-2020-12837 (HIGH, CVSS 7.5): is smart gate PRO 1.5.9 - Code Injection