CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,021 vulnerabilities with CWE-434
CVE-2019-3940 CRITICAL
Advantech Webaccess - Unrestricted File Upload
CVSS 9.8
CVE-2019-11028 HIGH
Gatship Web Module < 1.40 - Unrestricted File Upload
CVSS 8.8
CVE-2019-10478 HIGH
Glory-global Rbw-100 Firmware - Unrestricted File Upload
CVSS 7.2
CVE-2019-3489 HIGH
Microfocus Content Manager < 9.3 - Unrestricted File Upload
CVSS 7.5
CVE-2019-10652 HIGH
Flatcore - Unrestricted File Upload
CVSS 7.2
CVE-2019-10647 CRITICAL
Zzzcms Zzzphp - Unrestricted File Upload
CVSS 9.8
CVE-2019-10276 CRITICAL
Cobub Razor - Unrestricted File Upload
CVSS 9.8
CVE-2019-10012 HIGH
Jenzabar JICS <9 - RCE
CVSS 7.5
CVE-2019-3495 HIGH
Indionetworks Unibox Firmware - Unrestricted File Upload
CVSS 8.8
CVE-2019-9825 CRITICAL
FeiFeiCMS 4.1.190209 - RCE
CVSS 9.8
CVE-2019-9692 MEDIUM
CMSMS <2.2.10 - Info Disclosure
CVSS 6.5
CVE-2019-9185 HIGH
Bolt < 3.6.5 - Unrestricted File Upload
CVSS 8.8
CVE-2019-9623 CRITICAL
Feng Office <3.7.0.5 - RCE
CVSS 9.8
CVE-2019-9617 HIGH
OFCMS <1.1.3 - RCE
CVSS 8.8
CVE-2019-9613 HIGH
OFCMS <1.1.3 - RCE
CVSS 7.2
CVE-2019-9612 HIGH
OFCMS <1.1.3 - RCE
CVSS 8.8
CVE-2019-9609 HIGH
OFCMS <1.1.3 - RCE
CVSS 8.8
CVE-2019-9608 HIGH
OFCMS <1.1.3 - RCE
CVSS 8.8
CVE-2019-9581 HIGH
phpscheduleit Booked Scheduler <2.7.5 - RCE
CVSS 8.8
CVE-2019-9572 HIGH
SchoolCMS 2.3.1 - Code Injection
CVSS 7.2
CVE-2019-9181 HIGH
Schoolcms - Unrestricted File Upload
CVSS 7.2
CVE-2019-9050 HIGH
Pluck - Unrestricted File Upload
CVSS 7.2
CVE-2019-9042 HIGH
Sitemagic Cms - Unrestricted File Upload
CVSS 7.2
CVE-2019-8942 HIGH
Wordpress < 4.9.9 - Unrestricted File Upload
CVSS 8.8
CVE-2019-8933 HIGH
Dedecms - Unrestricted File Upload
CVSS 8.8