CWE-434: Unrestricted Upload of File with Dangerous Type

Exploit likelihood: Medium

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,133 vulnerabilities with CWE-434
CVE-2019-9842 (HIGH, CVSS 7.2): MiniBlog < 2018-05-18 - Remote Code Execution via Base64-Encoded ASPX File Upload
CVE-2019-10959 (CRITICAL, CVSS 10.0): BD Alaris Gateway Workstation Firmware 1.1.3 Build 10/11/15/14/13 - Unrestricted Upload of File with Dangerous Type
CVE-2019-7838 (CRITICAL, CVSS 9.8): ColdFusion < Update 3 - Code Injection
CVE-2019-4069 (HIGH, CVSS 8.8): IBM Intelligent Operations Center 5.1.0-5.2.0 - Unrestricted Upload of File with Dangerous Type
CVE-2019-4056 (MEDIUM, CVSS 4.3): IBM Maximo Asset Management 7.6 - Unrestricted Upload of File with Dangerous Type
CVE-2019-9189 (HIGH, CVSS 8.8): Prima Systems FlexAir < 2.3.38 - Authenticated Arbitrary File Upload and Remote Code Execution via Python Script Upload
CVE-2019-9642 (CRITICAL, CVSS 9.8): Pydio < 8.2.2 - Unauthenticated Remote Code Execution via Proxy PHP File Inclusion
CVE-2019-1861 (HIGH, CVSS 7.2): Cisco Industrial Network Director - RCE
CVE-2019-5357 (HIGH, CVSS 8.8): HPE Intelligent Management Center < 7.3 - Remote Code Execution via Unrestricted File Upload
CVE-2019-12548 (HIGH, CVSS 8.8): Bludit < 3.9.0 - Authenticated Remote Code Execution via Logo Upload
CVE-2019-11185 (CRITICAL, CVSS 9.8): 3cx Live Chat < 8.0.26 - Unauthenticated Arbitrary File Upload via REST API Remote Upload Endpoint
CVE-2019-12377 (CRITICAL, CVSS 9.8): Ivanti LANDESK Management Suite 10.0.1.168 SU5 - Unauthenticated Arbitrary File Upload
CVE-2019-7816 (CRITICAL, CVSS 9.8): ColdFusion - Unrestricted Upload of File with Dangerous Type
CVE-2019-12150 (CRITICAL, CVSS 9.8): Karamasoft UltimateEditor 1 - Info Disclosure
CVE-2019-6513 (MEDIUM, CVSS 5.4): WSO2 API Manager 2.6.0 - Authenticated Unrestricted File Upload via API Documentation
CVE-2019-12185 (HIGH, CVSS 8.8): elabftw 1.8.5 - Authenticated Arbitrary File Upload via EntityController
CVE-2019-12170 (HIGH, CVSS 8.8): ATutor <= 2.2.4 - Authenticated Arbitrary File Upload via Backup ZIP Archive
CVE-2019-11887 (CRITICAL, CVSS 9.8): SimplyBook.me < 2019-05-11 - Remote Code Execution via Unrestricted File Upload
CVE-2019-12099 (HIGH, CVSS 8.8): php-fusion < 9.03.00 - Authenticated Remote Code Execution via Avatar Upload
CVE-2019-8404 (MEDIUM, CVSS 6.5): Webiness Inventory 2.3 - Arbitrary File Upload via Product Image
CVE-2019-10869 (HIGH, CVSS 8.1): Ninja Forms File Uploads < 3.0.23 - Path Traversal and Unrestricted File Upload via Upload Field Parameters
CVE-2019-11807 (HIGH, CVSS 7.5): WooCommerce Checkout Manager < 4.3 - Info Disclosure
CVE-2019-11615 (HIGH, CVSS 8.8): doorgets_cms 7.0 - Authenticated Arbitrary File Upload via fileman/php/upload.php
CVE-2019-11568 (HIGH, CVSS 8.8): AikCms 2.0 - Unrestricted Upload of File with Dangerous Type via admin/page/system/nav.php
CVE-2019-8992 (HIGH, CVSS 8.8): TIBCO ActiveMatrix BPM <= 4.2.0 - Unauthenticated Arbitrary Code Upload and Execution via DAA Archive
Details
Vulnerabilities: 4,133
Exploit likelihood: Medium