CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,132 vulnerabilities with CWE-434
CVE-2020-25515 HIGH
Simple Library Management System 1.0 - Unrestricted File Upload via New Book Feature
CVSS 7.8
CVE-2020-15839 MEDIUM
Liferay Portal < 7.3.3 and Liferay DXP 7.1-7.2 - Authenticated Denial of Service via Large File Upload
CVSS 6.5
CVE-2020-14022 HIGH
Ozeki NG SMS Gateway 4.17.1-4.17.6 - Unrestricted Upload of Executable File via Import Contacts
CVSS 8.8
CVE-2020-4620 HIGH
IBM Data Risk Manager < 2.0.6.4 - Authenticated Arbitrary File Upload via Improper File Extension Validation
CVSS 8.8
CVE-2020-25790 HIGH
Typesetter CMS 5.0-5.1 - Authenticated Remote Code Execution via ZIP Archive Upload
CVSS 7.2
CVE-2020-15189 MEDIUM
SOY CMS <=3.0.2 - Remote Code Execution via elFinder File Upload
CVSS 6.8
CVE-2020-25733 HIGH
webtareas < 2.1 - Unrestricted Upload of Dangerous File Types
CVSS 7.5
CVE-2020-13260 MEDIUM
RAD SecFlow-1v Firmware - Authenticated Stored Cross-Site Scripting via OVPN File Upload
CVSS 6.1
CVE-2020-23828 CRITICAL
SourceCodester Online Course Registration v1.0 - RCE
CVSS 9.8
CVE-2020-4703 HIGH
IBM Spectrum Protect Plus 10.1.0-10.1.6 - Authenticated Arbitrary File Upload and Remote Code Execution
CVSS 8.0
CVE-2020-10228 HIGH
vtenext 19 CE - Authenticated Remote Code Execution via .pht File Upload
CVSS 8.8
CVE-2020-25287 HIGH
Pligg 2.0.3 - Authenticated Arbitrary File Write via Template Editor
CVSS 7.2
CVE-2020-25213 CRITICAL KEV
WordPress File Manager Unauthenticated Remote Code Execution
CVSS 10.0
CVE-2020-24199 CRITICAL
Project Worlds Car Rental Management System <1.0 - RCE
CVSS 9.8
CVE-2020-24195 CRITICAL
Sourcecodester Online Bike Rental v1.0 - Authenticated RCE
CVSS 9.1
CVE-2020-6288 MEDIUM
SAP Business Objects - Unrestricted File Upload
CVSS 5.3
CVE-2020-24986 HIGH
concretecms <= 8.5.2 - Unauthenticated Unrestricted Upload of File with Dangerous Type via File Manager
CVSS 7.2
CVE-2020-14008 HIGH
ManageEngine Applications Manager <= 14710 - Authenticated Remote Code Execution via JAR Upload
CVSS 7.2
CVE-2020-25042 HIGH
MaraCMS 7.5 - Authenticated Arbitrary File Upload via codebase/dir.php
CVSS 7.2
CVE-2020-24948 HIGH
Autoptimize < 2.7.7 - Authenticated Unrestricted File Upload via ao_ccss_import AJAX Call
CVSS 7.2
CVE-2020-14209 HIGH
Dolibarr < 11.0.5 - Authenticated Arbitrary File Upload and Remote Code Execution via .pht and .phar Files
CVSS 8.8
CVE-2020-23829 HIGH
LibreHealth EHR <2.0.0 - Authenticated RCE
CVSS 8.8
CVE-2020-24203 CRITICAL
Projects World Travel Management System v1.0 - RCE
CVSS 9.8
CVE-2020-24202 CRITICAL
Projects World House Rental v1.0 - RCE
CVSS 9.8
CVE-2020-24196 HIGH
Online Bike Rental v1.0 - Authenticated RCE
CVSS 7.2