CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,021 vulnerabilities with CWE-434
CVE-2020-10562 HIGH
DEVOME GRR <3.4.1c - Info Disclosure
CVSS 7.2
CVE-2020-10386 HIGH
Chadhaajay Phpkb - Unrestricted File Upload
CVSS 7.2
CVE-2020-5256 HIGH
Bookstack < 0.25.3 - Unrestricted File Upload
CVSS 7.9
CVE-2020-10225 CRITICAL
Phpgurukul Job Portal - Unrestricted File Upload
CVSS 9.8
CVE-2020-10224 CRITICAL
Phpgurukul Online Book Store - Unrestricted File Upload
CVSS 9.8
CVE-2020-9380 CRITICAL
Whmcssmarters Web TV Player < 2020-02-22 - Unrestricted File Upload
CVSS 9.8
CVE-2020-8500 HIGH
Artica Pandora FMS <7.42 - RCE
CVSS 7.2
CVE-2020-5188 MEDIUM
Dnnsoftware Dotnetnuke < 9.4.4 - Unrestricted File Upload
CVSS 6.5
CVE-2020-9320 MEDIUM
Avira Anti-malware SDK < 8.3.54.138 - Unrestricted File Upload
CVSS 5.5
CVE-2020-6975 MEDIUM
Digi Connectport Lts 32 Mei Bios - Unrestricted File Upload
CVSS 4.9
CVE-2020-6754 CRITICAL
Dotcms < 5.2.4 - Path Traversal
CVSS 9.8
CVE-2020-8440 CRITICAL
Simplejobscript.com SJS <1.66 - RCE
CVSS 9.8
CVE-2020-7998 HIGH
Super File Explorer <1.0.1 - Info Disclosure
CVSS 8.8
CVE-2020-6965 CRITICAL
Gehealthcare Apexpro Telemetry Server... - Unrestricted File Upload
CVSS 9.9
CVE-2020-7246 HIGH
Qdpm < 9.1 - Path Traversal
CVSS 8.8
CVE-2020-2730 MEDIUM
Oracle Revenue Management And Billing - Unrestricted File Upload
CVSS 5.4
CVE-2020-5509 HIGH
PHPGurukul Car Rental Project v1.0 - RCE
CVSS 7.2
CVE-2020-5846 HIGH
Ahsay Cloud Backup Suite 8.3.0.30 - Code Injection
CVSS 8.8
CVE-2020-5514 CRITICAL
Gila CMS <1.11.8 - Code Injection
CVSS 9.1
CVE-2019-25714 CRITICAL
Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet
CVE-2019-25673 HIGH
UniSharp Laravel File Manager v2.0.0-alpha7 Arbitrary File Upload
CVSS 8.8
CVE-2019-25647 HIGH
PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager
CVSS 8.8
CVE-2019-25630 HIGH
PhreeBooks ERP 5.2.3 Arbitrary File Upload via Image Manager
CVSS 8.8
CVE-2019-25627 HIGH
FlexHEX 2.71 Local Buffer Overflow via SEH Unicode
CVSS 8.4
CVE-2019-25626 HIGH
River Past Cam Do 3.7.6 Local Buffer Overflow in Activation Code
CVSS 8.4