CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,133 vulnerabilities with CWE-434
CVE-2020-7935
HIGH
Artica Pandora FMS <= 7.42 - Authenticated Remote Code Execution via File Manager Unrestricted File Upload
CVSS 7.2
CVE-2020-10806
CRITICAL
eZ Publish Kernel <5.4.14.1,6.x<6.13.6.2,7.x<7.5.6.2 - RCE
CVSS 9.8
CVE-2020-10682
HIGH
CMS Made Simple 2.2.13 - Remote Code Execution via Filemanager .php.jpegd Upload
CVSS 7.8
CVE-2020-9423
CRITICAL
LogicalDoc < 8.3.3 - Unauthenticated Arbitrary File Upload and Command Execution
CVSS 9.8
CVE-2020-9472
MEDIUM
Umbraco CMS < 8.5.4 - Authenticated Remote Code Execution via Install Package File Upload
CVSS 6.5
CVE-2020-9471
HIGH
Umbraco CMS 8.5.3 - Authenticated Remote Code Execution via Install Packages File Upload
CVSS 8.8
CVE-2020-5844
HIGH
Pandora FMS v7.0 NG - Authenticated RCE
CVSS 7.2
CVE-2020-10557
HIGH
AContent < 1.4 - Authenticated Arbitrary File Upload via .php7 Extension Bypass
CVSS 8.8
CVE-2020-10562
HIGH
DEVOME GRR <3.4.1c - Info Disclosure
CVSS 7.2
CVE-2020-10386
HIGH
Chadha PHPKB Standard Multi-Language 9 - Unauthenticated Remote Code Execution via Image Upload
CVSS 7.2
CVE-2020-5256
HIGH
BookStack < 0.25.5 - Remote Code Execution via PHP File Upload
CVSS 7.9
CVE-2020-10225
CRITICAL
PHPGurukul Job Portal 1.0 - Unauthenticated Arbitrary File Upload via admin/gallery.php
CVSS 9.8
CVE-2020-10224
CRITICAL
PHPGurukul Online Book Store 1.0 - Unauthenticated Arbitrary File Upload via admin_add.php
CVSS 9.8
CVE-2020-9380
CRITICAL
IPTV Smarters WEB TV PLAYER < 2020-02-22 - OS Command Execution via File Upload
CVSS 9.8
CVE-2020-8500
HIGH
Artica Pandora FMS 7.42 - Authenticated Arbitrary File Upload via Updater or Extension Component
CVSS 7.2
CVE-2020-5188
MEDIUM
Dnnsoftware Dotnetnuke < 9.4.4 - Unrestricted File Upload
CVSS 6.5
CVE-2020-9320
MEDIUM
Avira Anti-Malware SDK < 8.3.54.138 - Virus Detection Bypass via Crafted ISO Archive
CVSS 5.5
CVE-2020-6975
MEDIUM
Digi ConnectPort LTS 32 MEI - Unrestricted Upload of File with Dangerous Type
CVSS 4.9
CVE-2020-6754
CRITICAL
dotcms < 5.2.4 - Path Traversal and Remote Code Execution via Temporary File Upload
CVSS 9.8
CVE-2020-8440
CRITICAL
Simplejobscript.com SJS <1.66 - RCE
CVSS 9.8
CVE-2020-7998
HIGH
Super File Explorer <1.0.1 - Info Disclosure
CVSS 8.8
CVE-2020-6965
CRITICAL
GE Healthcare ApexPro Telemetry Server < 4.2 - Authenticated Arbitrary File Upload via Software Update Mechanism
CVSS 9.9
CVE-2020-7246
HIGH
qdPM < 9.1 - Authenticated Remote Code Execution via Profile Photo Path Traversal
CVSS 8.8
CVE-2020-2730
MEDIUM
Oracle Financial Services Revenue Management and Billing 2.7.0.0/2.7.0.1/2.8.0.0 - Unrestricted File Upload
CVSS 5.4
CVE-2020-5509
HIGH
PHPGurukul Car Rental Project v1.0 - RCE
CVSS 7.2
Details
Vulnerabilities: 4,133
Exploit Likelihood: Medium