CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,133 vulnerabilities with CWE-434
CVE-2019-3960 HIGH
WallacePOS 1.4.3 - Authenticated Arbitrary File Upload
CVSS 7.2
CVE-2019-10267 HIGH
Ahsay Cloud Backup Suite 7.7.0.0-8.1.0.50 - Unauthenticated Arbitrary File Upload RCE
CVSS 8.8
CVE-2019-1010209 HIGH
GoUrl.io GoURL WordPress Plugin <1.4.14 - Unauthenticated RCE
CVSS 7.5
CVE-2019-1010123 HIGH
MODX Revolution Gallery 1.7.0 - Unrestricted Upload
CVSS 7.5
CVE-2019-12326 HIGH
Akuvox R50P VoIP phone <50.0.6.156 - Code Injection
CVSS 7.2
CVE-2019-13984 HIGH
Directus 7 API <2.3.0 - Info Disclosure
CVSS 8.8
CVE-2019-13980 HIGH
Directus 7 API < 2.3.0 - Remote Code Execution via PHP File Upload
CVSS 8.8
CVE-2019-13979 HIGH
Directus 7 API < 2.2.1 - Remote Code Execution via PHP File Upload
CVSS 8.8
CVE-2019-13973 CRITICAL
LayerBB 1.1.3 - Unrestricted Upload of File with Dangerous Type via Custom Logo
CVSS 9.8
CVE-2019-13359 HIGH
Webpanel - Unrestricted File Upload
CVSS 7.5
CVE-2019-1010062 CRITICAL
PluckCMS <4.7.4 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2019-10935 HIGH
SIMATIC PCS 7 and WinCC - Authenticated Arbitrary File Upload via DataMonitor Web Application
CVSS 7.2
CVE-2019-10930 HIGH
SIPROTEC 5 and DIGSI 5 Engineering Software < V7.90 - Unauthenticated Arbitrary File Access via TCP Port 443
CVSS 7.5
CVE-2019-12803 CRITICAL
Hunesion i-oneNet 3.0.7-3.0.53 and 4.0.4-4.0.16 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2019-0327 HIGH
SAP NetWeaver Application Server Java 7.1-7.5 - Unrestricted Upload of File with Dangerous Type
CVSS 7.2
CVE-2019-13464 HIGH
OWASP ModSecurity Core Rule Set 3.0.2 - Unrestricted PHP Script Upload via X.Filename Bypass
CVSS 7.5
CVE-2019-12971 CRITICAL
BKS EBK Ethernet-Buskoppler Pro < 3.01 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2019-13294 CRITICAL
AROX School-ERP Pro - Unauthenticated Remote Code Execution via import_stud.php and upload_fille.php
CVSS 9.8
CVE-2019-7257 CRITICAL
Linear eMerge E3-Series - Unrestricted File Upload
CVSS 10.0
CVE-2019-7268 CRITICAL
Linear eMerge 50P/5000P - Unauthenticated File Upload
CVSS 10.0
CVE-2019-4292 HIGH
IBM Security Guardium 10.5 - Unrestricted File Upload
CVSS 8.8
CVE-2019-7274 CRITICAL
Optergy Proton/Enterprise - Code Injection
CVSS 9.8
CVE-2019-7669 HIGH
Prima Systems FlexAir <2.3.38 - Code Injection
CVSS 8.8
CVE-2019-13082 CRITICAL
Chamilo LMS 1.11.8 and 2.x - Unauthenticated Remote Code Execution via ZIP Archive Extraction in LP Upload
CVSS 9.8
CVE-2019-12744 HIGH
seeddms < 5.1.11 - Remote Command Execution via Unvalidated PHP File Upload
CVSS 7.5