CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. The typical failure is an upload handler that trusts the client-supplied file name or Content-Type, or checks only for a few blocked extensions, and then stores the file under the web root; a .php, .jsp or .aspx body is executed on the next request, which is why many of the entries below end in remote code execution. Uploads of archives and configuration files (printer configurations, SCORM packages, config archives) are a second variant: the web server never executes the file, but a privileged component unpacks or parses it.
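As an added illustration, not code from any product or advisory on this page, the pattern behind many of the entries listed below (a handler that applies a blocklist to the client-supplied name) is shown beside a hardened check. The allowlist, the function names and the sample bodies are constructed for this example.

```python
import re
import secrets

# Server-side allowlist of permitted extensions and the leading bytes
# (magic numbers) a file of that type must start with.  Constructed for
# this example; a real application lists only the types it actually needs.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
MAX_BYTES = 5 * 1024 * 1024

# Constructed sample bodies: a minimal PNG prefix and a PHP payload.
PNG_SAMPLE = ALLOWED_TYPES["png"] + b"\x00\x00\x00\rIHDR" + b"\x00" * 13
PHP_PAYLOAD = b"<?php phpinfo(); ?>"


def naive_is_allowed(filename: str) -> bool:
    """The vulnerable pattern (illustrative, not taken from any product listed
    on this page): a blocklist applied to the client-supplied name.  It is
    bypassed by a case variant (.PHP), an alternate handler extension
    (.phtml, .phar), a double extension (.php.jpg on servers that map the
    first extension) and a null byte (.php\\x00.jpg)."""
    return not filename.endswith(".php")


def validate_upload(filename: str, data: bytes):
    """Hardened check.  Returns (True, server_side_name) on success or
    (False, reason) on rejection.  Only an allowlisted extension survives
    from the client name; the stored basename is random."""
    if len(data) == 0 or len(data) > MAX_BYTES:
        return False, "empty or oversized body"
    # Control characters (including NUL) and path separators are rejected
    # outright rather than stripped, so nothing can truncate or traverse.
    if re.search(r"[\x00-\x1f/\\]", filename):
        return False, "illegal character in name"
    base, dot, ext = filename.rpartition(".")
    if not dot or not base:
        return False, "missing extension"
    # Only the final extension is consulted, compared case-insensitively
    # against the allowlist: "shell.php.jpg" yields "jpg", "x.PHP" is refused.
    ext = ext.lower()
    if ext not in ALLOWED_TYPES:
        return False, "extension ." + ext + " not allowed"
    # The body must carry the magic number the extension claims, so a PHP
    # payload renamed to .jpg is refused here.
    if not data.startswith(ALLOWED_TYPES[ext]):
        return False, "content does not match declared type"
    # Name generated server-side; the client never chooses where or as what
    # the file is stored.
    return True, secrets.token_hex(16) + "." + ext


if __name__ == "__main__":
    for name, body in [
        ("photo.png", PNG_SAMPLE),
        ("shell.php", PHP_PAYLOAD),
        ("shell.PHP", PHP_PAYLOAD),
        ("shell.phtml", PHP_PAYLOAD),
        ("shell.php.jpg", PHP_PAYLOAD),
        ("shell.php\x00.jpg", PHP_PAYLOAD),
        ("shell.jpg", PHP_PAYLOAD),
    ]:
        print(f"{name!r:22} naive={naive_is_allowed(name)!s:5} "
              f"hardened={validate_upload(name, body)}")
```

The magic-number check is a sanity filter, not the defence: a polyglot that starts with a valid image header and carries script later in the body passes it. What actually prevents execution is that the stored name is generated server-side with an allowlisted extension, combined with keeping the upload directory outside the document root (or with script handlers disabled there) and serving files with a fixed Content-Type and Content-Disposition rather than letting the web server guess. The client-supplied Content-Type header is never consulted.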

4,133 vulnerabilities with CWE-434; a sample of 25 is listed below.
CVE              Severity  CVSS  Description
CVE-2019-14467   HIGH      7.8   Social Photo Gallery plugin 1.0 - WordPress - RCE
CVE-2019-18952   CRITICAL  9.8   SibSoft Xfilesharing < 2.5.1 - Code Injection
CVE-2019-1443    MEDIUM    6.5   Microsoft SharePoint - Information Disclosure via Specially Crafted File Upload
CVE-2019-12719   CRITICAL  9.8   AUO SunVeillance Monitoring System < 1.1.9e - Unauthenticated Unrestricted File Upload via Picture_Manage_mvc.aspx
CVE-2019-8140    MEDIUM    4.9   Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Unrestricted File Upload via Media File Storage Synchronization
CVE-2019-8114    HIGH      7.2   Magento < 1.9.4.3 and < 1.14.4.3 - Authenticated Remote Code Execution via Crafted Configuration Archive Upload
CVE-2019-8093    HIGH      8.8   Magento 2.2-2.2.10 and 2.3-2.3.3 - Authenticated Arbitrary File Access via Downloadable Products Upload Controller
CVE-2019-17325   MEDIUM    6.5   ClipSoft REXPERT < 1.0.0.527 - Unrestricted File Upload via RexViewerCtrl30.ocx ActiveX Method
CVE-2019-18204   HIGH      8.8   Zucchetti InfoBusiness <= 4.4.1 - Authenticated Arbitrary File Upload
CVE-2019-14451   CRITICAL  9.8   Repetier-Server 0.80-0.91 - Remote Code Execution via Malicious Printer Configuration Upload
CVE-2019-18417   HIGH      8.8   Sourcecodester Restaurant Management System 1.0 - Authenticated Arbitrary File Upload via Food Addition
CVE-2019-11021   HIGH      7.2   Schlix CMS 2.1.8-7 - Authenticated Unrestricted File Upload to Remote Code Execution via Media Manager
CVE-2019-16530   HIGH      7.2   Sonatype Nexus Repository Manager < 2.14.15 and 3.x < 3.19 - RCE
CVE-2019-16700   CRITICAL  9.8   slub_events < 3.0.2 - Unauthenticated Arbitrary File Upload
CVE-2019-17536   MEDIUM    4.9   Gila CMS < 1.11.4 - Unauthenticated Unrestricted File Upload via moveAction
CVE-2019-17490   HIGH      8.8   Jiangnan Online Judge 0.8.0 - Arbitrary File Upload via Polygon Problem Tests Endpoint
CVE-2019-17352   HIGH      7.5   JFinal < 4.4 and com.jfinal < 4.5 - Unrestricted Upload of File with Dangerous Type via isSafeFile Bypass
CVE-2019-14657   HIGH      8.8   Yealink phones < 2019-08-04 - RCE
CVE-2019-14656   HIGH      8.8   Yealink phones < 2019-08-04 - Privilege Escalation
CVE-2019-15751   CRITICAL  9.8   SITOS six v6.2.1 - Unauthenticated Unrestricted File Upload of Executable SCORM File
CVE-2019-15748   CRITICAL  9.8   SITOS six v6.2.1 - Unauthenticated Arbitrary File Upload via SCORM Package Import
CVE-2019-17188   HIGH      7.2   FecMall 2.3.4 - Unrestricted File Upload via Image Upload Bypass
CVE-2019-11655   HIGH      8.8   Micro Focus ArcSight Logger >= 6.7.0 - Unrestricted File Upload
CVE-2019-15766   HIGH      8.8   KSWEB 3.93 - Authenticated Remote Code Execution via AJAX Handler Config File Upload
CVE-2019-17046   HIGH      7.2   ilch_cms 2.1.22 - Remote Code Execution via PHP File Upload