CWE-434

Medium exploit likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
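As an added example (not code from this page or from any of the products listed below): a Python model of the two extension checks that sit at the weak and hardened ends of this weakness. The naive handler rejects only a literal `.php` last extension, which is the pattern behind the `.phar`/`.phtml` and blacklist-bypass entries in the list that follows; the hardened handler allowlists a few image extensions, checks the leading bytes against the format's signature, discards the client-supplied name and stores the file under a random server-chosen one. The sample filenames and bodies are constructed for this example; the PNG and JPEG byte prefixes are the real file signatures, the PHP bodies are placeholders.

```python
import os
import secrets
from typing import Optional

# Constructed sample uploads for this example: (client-supplied filename, first bytes of body).
SAMPLE_UPLOADS = [
    ("avatar.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("shell.php", b"<?php system($_GET['c']); ?>"),
    ("shell.phtml", b"<?php system($_GET['c']); ?>"),       # alternate PHP extension
    ("shell.phar", b"<?php system($_GET['c']); ?>"),        # PHP archive, also executable
    ("shell.PHP", b"<?php system($_GET['c']); ?>"),         # case variant
    ("shell.php.png", b"<?php system($_GET['c']); ?>"),     # double extension
    ("shell.php.", b"<?php system($_GET['c']); ?>"),        # trailing dot, stripped on Windows
    ("../../evil.phtml", b"<?php system($_GET['c']); ?>"),  # path components in the name
    ("fake.png", b"<?php system($_GET['c']); ?>"),          # allowed extension, wrong content
]

# --- weak check: the pattern behind extension-blacklist bypasses ----------------

PHP_BLACKLIST = {".php"}

def blacklist_accepts(filename: str) -> bool:
    """Reject only an exact, case-sensitive '.php' last extension; everything else passes."""
    return os.path.splitext(filename)[1] not in PHP_BLACKLIST

# --- hardened check: allowlist + content signature + server-chosen name ---------

ALLOWED_SIGNATURES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
}

def normalized_extension(filename: str) -> Optional[str]:
    """Single, lower-cased extension of the bare filename, or None if the name has
    no extension, more than one, a leading dot, or trailing dots/spaces. Double
    extensions and trailing-dot tricks all fall out here."""
    base = os.path.basename(filename.replace("\\", "/")).lower().rstrip(". ")
    if base.count(".") != 1 or base.startswith("."):
        return None
    return os.path.splitext(base)[1]

def allowlist_accepts(filename: str, head: bytes) -> bool:
    """Accept only an allowlisted extension whose body starts with that format's signature."""
    ext = normalized_extension(filename)
    if ext not in ALLOWED_SIGNATURES:
        return False
    return head.startswith(ALLOWED_SIGNATURES[ext])

def stored_name(filename: str, head: bytes) -> Optional[str]:
    """Name to store the upload under: random token plus the validated extension only.
    The client's name never reaches the filesystem. None means reject."""
    if not allowlist_accepts(filename, head):
        return None
    return secrets.token_hex(16) + normalized_extension(filename)

def triage(uploads=SAMPLE_UPLOADS):
    """Run both checks over the samples; returns {filename: (blacklist_ok, allowlist_ok)}."""
    return {name: (blacklist_accepts(name), allowlist_accepts(name, head)) for name, head in uploads}

if __name__ == "__main__":
    for name, (weak, strong) in triage().items():
        print(f"{name:20} blacklist={'accept' if weak else 'reject':6} "
              f"allowlist={'accept' if strong else 'reject'}")
```

Running the block shows the blacklist letting through every sample except the literal `shell.php`, while the allowlist admits only the two real images. The server-chosen name matters as much as the extension check: it removes path traversal and double-extension handling from the equation entirely, and the stored file should additionally live outside any directory the web server treats as executable.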

4,133 vulnerabilities with CWE-434
CVE-2020-5846 HIGH
Ahsay Cloud Backup Suite 8.3.0.30 - Code Injection
CVSS 8.8
CVE-2020-5514 CRITICAL
Gila CMS 1.11.8 - Unrestricted Upload of File with Dangerous Type via .phar or .phtml to lzld/thumb
CVSS 9.1
CVE-2019-25758 HIGH
Joomla! Component vBizz 1.0.7 Remote Code Execution
CVSS 8.8
CVE-2019-25714 CRITICAL
Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet
CVE-2019-25673 HIGH
UniSharp Laravel File Manager v2.0.0-alpha7 Arbitrary File Upload
CVSS 8.8
CVE-2019-25647 HIGH
PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager
CVSS 8.8
CVE-2019-25630 HIGH
PhreeBooks ERP 5.2.3 Arbitrary File Upload via Image Manager
CVSS 8.8
CVE-2019-25627 HIGH
FlexHEX 2.71 Local Buffer Overflow via SEH Unicode
CVSS 8.4
CVE-2019-25626 HIGH
River Past Cam Do 3.7.6 Local Buffer Overflow in Activation Code
CVSS 8.4
CVE-2019-25616 MEDIUM
AnMing MP3 CD Burner 2.0 Local Denial of Service
CVSS 6.2
CVE-2019-25582 MEDIUM
i-doit CMDB 1.12 Arbitrary File Download via file_manager Parameter
CVSS 6.5
CVE-2019-25580 HIGH
ownDMS 4.7 SQL Injection via pdfstream.php imagestream.php
CVSS 8.2
CVE-2019-25296 CRITICAL
WP Cost Estimation & Payment Forms Builder <= 9.642 - Unauthenticated Arbitrary File Upload/Deletion
CVSS 9.8
CVE-2019-25229 HIGH
Kentico Xperience - Unrestricted File Upload
CVSS 8.8
CVE-2019-25138 CRITICAL
User Submitted Posts <20190312 - RCE
CVSS 9.8
CVE-2019-18643 CRITICAL
Rock RMS < 8.10 and 9.0-9.3 - Remote Code Execution via File Upload Extension Blacklist Bypass
CVSS 9.8
CVE-2019-1888 HIGH
Cisco Unified Contact Center Express - Authenticated Arbitrary File Upload and Remote Code Execution
CVSS 7.2
CVE-2019-20897 MEDIUM
Atlassian Jira < 8.5.4, 8.6.0-8.6.2, 8.7.0-8.7.1 - Denial of Service via Avatar Upload
CVSS 6.5
CVE-2019-15123 HIGH
Viki Vera 4.9.1.26180 - Authenticated Remote Code Execution via Branding Module Logo Upload
CVSS 7.2
CVE-2019-16066 HIGH
NETSAS Enigma NMS <65.0.0 - Code Injection
CVSS 8.8
CVE-2019-11074 HIGH
PRTG Network Monitor < 19.1.49 - Authenticated Arbitrary File Write via PhantomJS Argument Injection
CVSS 7.2
CVE-2019-20451 CRITICAL
Samsung Prismview System 9 11.10.17.00 & Player 11 13.09.1100 - Authenticated RCE via RebootSystem.lnk Upload
CVSS 9.8
CVE-2019-16514 HIGH
ConnectWise Control <19.3.25270.7185 - RCE
CVSS 7.2
CVE-2019-20385 HIGH
Logaritmo Aware CallManager 2012 - Unauthenticated Remote Code Execution via CSV Upload Feature
CVSS 8.8
CVE-2019-20183 HIGH
Employee Records System 1.0 - Unauthenticated Arbitrary File Upload via Client-Side Extension Validation Bypass
CVSS 7.2