CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,133 vulnerabilities with CWE-434
CVE-2020-7055 CRITICAL
Elementor < 2.7.4 - Arbitrary File Upload via Import Templates Function
CVSS 9.9
CVE-2020-11011 CRITICAL
phproject < 1.7.8 - Authenticated Arbitrary Code Execution via File Upload
CVSS 9.9
CVE-2020-10569 CRITICAL
SysAid On-Premise 20.1.11 - Unauthenticated RCE
CVSS 9.8
CVE-2020-11815 CRITICAL
Rukovoditel 2.5.2 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Content-Type Manipulation
CVSS 9.8
CVE-2020-11811 CRITICAL
qdPM 9.1 - Unauthenticated Arbitrary File Upload via Profile Photo Content-Type Spoofing
CVSS 9.8
CVE-2020-9280 HIGH
SilverStripe 4.0.0-4.5.0 - Unrestricted Upload of File with Dangerous Type via Forms
CVSS 7.5
CVE-2020-0974 HIGH
Microsoft SharePoint Enterprise Server - Remote Code Execution via Unchecked Application Package Source Markup
CVSS 8.8
CVE-2020-0971 HIGH
Microsoft SharePoint - Remote Code Execution via Unchecked Application Package Source Markup
CVSS 8.8
CVE-2020-0932 HIGH
Microsoft SharePoint - Remote Code Execution via Unchecked Application Package Markup
CVSS 8.8
CVE-2020-0931 HIGH
Microsoft SharePoint - Remote Code Execution via Unchecked Application Package Source Markup
CVSS 8.8
CVE-2020-0929 HIGH
Microsoft SharePoint - Remote Code Execution via Unchecked Application Package Markup
CVSS 8.8
CVE-2020-0920 HIGH
Microsoft SharePoint - Remote Code Execution via Unchecked Application Package Source Markup
CVSS 8.8
CVE-2020-10507 CRITICAL
The School Manage System - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2020-11722 CRITICAL
Dungeon Crawl Stone Soup < 0.25 - Remote Code Execution via Lua Bytecode in .crawlrc Upload
CVSS 9.8
CVE-2020-10621 CRITICAL
WebAccess/NMS < 3.0.2 - Code Injection
CVSS 9.8
CVE-2020-11598 CRITICAL
CIPPlanner CIPAce < 9.1 - Unauthenticated Remote Code Execution via Upload.ashx
CVSS 9.8
CVE-2020-11544 HIGH
Project Worlds Official Car Rental System 1 - Authenticated Arbitrary File Upload via add_cars.php
CVSS 7.2
CVE-2020-8639 HIGH
TestLink 1.9.20 - Authenticated Unrestricted File Upload via keywordsImport.php
CVSS 8.8
CVE-2020-11451 HIGH
MicroStrategy Web < 10.4 - Authenticated Arbitrary File Upload via Upload Visualization Plugin
CVSS 7.2
CVE-2020-6008 CRITICAL
LifterLMS < 3.37.15 - Unauthenticated Arbitrary File Write and Remote Code Execution
CVSS 9.8
CVE-2020-10964 CRITICAL
Serendipity < 2.3.4 - Remote Code Execution via Filename Trailing Dot Bypass
CVSS 9.8
CVE-2020-10963 HIGH
FrozenNode Laravel-Administrator < 5.0.12 - RCE
CVSS 7.2
CVE-2020-10934 HIGH
Acyba AcyMailing < 6.9.2 - File Upload Vulnerability
CVSS 7.2
CVE-2020-8866 MEDIUM
Horde Groupware Webmail Edition 5.2.22 - RCE
CVSS 6.5
CVE-2020-8511 HIGH
Artica Pandora FMS < 7.42 - Authenticated Arbitrary File Upload via File Repository
CVSS 7.2
Details
Vulnerabilities 4,133
Exploit Likelihood Medium