CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,133 vulnerabilities with CWE-434
CVE-2019-15862
HIGH
CKFinder <2.6.2.1 - Info Disclosure
CVSS 7.5
CVE-2019-16720
HIGH
ZZZCMS zzzphp 1.7.2 - Unrestricted File Upload via UEditor Controller
CVSS 7.5
CVE-2019-14916
MEDIUM
PRiSE adAS 1.7.0 - Unrestricted Upload of File with Dangerous Type
CVSS 6.5
CVE-2019-14252
HIGH
Publisure 2.1.2 - Authenticated Arbitrary PHP File Upload via adminCons.php
CVSS 7.2
CVE-2019-15843
HIGH
Xiaomi Millet <6.3.9.3 - Info Disclosure
CVSS 7.4
CVE-2019-6839
HIGH
Schneider Electric U.motion Server - Unrestricted File Upload
CVSS 8.8
CVE-2019-15131
CRITICAL
Code42 < 6.7.5, 6.8.4-6.8.8, 7.0.0 - Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2019-8371
HIGH
OpenEMR 5.0.1-6 - Remote Code Execution via Unrestricted File Upload
CVSS 7.2
CVE-2019-16318
HIGH
pimcore < 5.7.1 - Authenticated Unrestricted File Upload via Long Filename Bypass
CVSS 8.8
CVE-2019-16192
CRITICAL
DocCms 2016.5.17 - Remote Code Execution via ZIP Archive Upload in Module Management
CVSS 9.8
CVE-2019-16131
HIGH
OKLite 1.2.25 - Arbitrary File Upload via ZIP Archive Extraction
CVSS 8.8
CVE-2019-13187
CRITICAL
Rich Text Formatter < 1.1.1 - Arbitrary File Upload via content.fileupload.php
CVSS 9.8
CVE-2019-13976
CRITICAL
eGain Chat 15.0.3 - Info Disclosure
CVSS 9.8
CVE-2019-15813
HIGH
Sentrifugo 3.2 - Authenticated Arbitrary File Upload via Restriction Bypass
CVSS 8.8
CVE-2019-15866
HIGH
crelly_slider < 1.3.5 - Unauthenticated Arbitrary File Upload via ZIP Archive Import
CVSS 8.8
CVE-2019-15649
HIGH
insert_or_embed_articulate_content < 4.2999 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2019-15524
CRITICAL
CSZ CMS 1.2.3 - Unrestricted File Upload and Remote Code Execution via File Management Module
CVSS 9.8
CVE-2019-11031
CRITICAL
Mirasys VMS < 7.6.1 and 8.x < 8.3.2 - Unauthenticated RCE via Auto-Update File Upload
CVSS 9.8
CVE-2019-15091
CRITICAL
Artica Integria IMS 5.0.86 - Unrestricted File Upload via filemgr.php
CVSS 9.8
CVE-2019-14755
HIGH
Leaf Admin 61.9.0212.10 - Unrestricted Upload of File with Dangerous Type via Profile Photo Feature
CVSS 8.8
CVE-2019-5395
HIGH
HPE 3PAR Service Processor <5.0.5.1 - RCE
CVSS 8.8
CVE-2019-14748
MEDIUM
osTicket <1.10.7/1.12.x<1.12.1 - Unrestricted File Upload & Stored XSS via Ticket Form
CVSS 5.4
CVE-2019-7930
HIGH
Magento 2.1-2.1.17, 2.2-2.2.8, 2.3-2.3.1 - Authenticated Arbitrary File Upload via Import Configuration Bypass
CVSS 7.2
CVE-2019-7912
HIGH
Magento <2.1.18-2.3.2 - Auth Bypass
CVSS 7.2
CVE-2019-7861
HIGH
Magento <2.1.18-2.3.2 - Auth Bypass
CVSS 7.5
Details
Vulnerabilities: 4,133
Exploit Likelihood: Medium