CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,133 vulnerabilities with CWE-434
CVE-2019-9951 (CRITICAL, CVSS 9.8): Western Digital - Unauthenticated File Upload
CVE-2019-11447 (HIGH, CVSS 8.8): CutePHP CuteNews 2.1.2 - Code Injection
CVE-2019-11446 (HIGH, CVSS 8.8): ATutor < 2.2.4 - Authenticated Arbitrary File Upload via File Manager
CVE-2019-11445 (HIGH, CVSS 7.2): OpenKM 6.3.2-6.3.7 - Unauthenticated Remote Code Execution via JSP File Upload
CVE-2019-11401 (HIGH, CVSS 7.2): SiteServer CMS 6.9.0 - Authenticated Remote Code Execution via File Extension Manipulation
CVE-2019-11377 (HIGH, CVSS 8.8): WCMS v0.3.2 - Arbitrary File Upload
CVE-2019-11344 (CRITICAL, CVSS 9.8): Pluck 4.7.8 - Remote Code Execution
CVE-2019-11223 (CRITICAL, CVSS 9.8): SupportCandy < 2.0.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVE-2019-4013 (CRITICAL, CVSS 9.0): IBM BigFix Platform 9.5.0-9.5.10 - Authenticated Arbitrary File Upload and Remote Code Execution
CVE-2019-3940 (CRITICAL, CVSS 9.8): Advantech WebAccess 8.3.4 - Unauthenticated Arbitrary File Upload via RPC
CVE-2019-11028 (HIGH, CVSS 8.8): GAT-Ship Web Module < 1.40 - Authenticated Unrestricted File Upload via Documents Area
CVE-2019-10478 (HIGH, CVSS 7.2): Glory RBW-100 Firmware ISP-K05-02 7.0.0 - Unrestricted File Upload via glytoolcgi/settingfile_upload.cgi
CVE-2019-3489 (HIGH, CVSS 7.5): Micro Focus Content Manager 9.1-9.3 - Unauthenticated Arbitrary File Upload via Web Client
CVE-2019-10652 (HIGH, CVSS 7.2): flatcore 1.4.7 - Authenticated Arbitrary PHP File Upload via Addons Feature
CVE-2019-10647 (CRITICAL, CVSS 9.8): ZZZCMS zzzphp v1.6.3 - Remote Code Execution via UEditor Catchimage Source Parameter
CVE-2019-10276 (CRITICAL, CVSS 9.8): Cobub Razor 0.8.0 - Unrestricted File Upload via uploadify.php
CVE-2019-10012 (HIGH, CVSS 7.5): Jenzabar Internet Campus Solution < 9 - Remote Code Execution via MoxieManager ZIP Archive Upload
CVE-2019-3495 (HIGH, CVSS 8.8): Wifi-soft UniBox 0.x-2.x - Unauthenticated Arbitrary File Upload via network/mesh/edit-nds.php
CVE-2019-9825 (CRITICAL, CVSS 9.8): FeiFeiCMS 4.1.190209 - Unauthenticated Arbitrary File Upload and Remote Code Execution via File Extension Modification
CVE-2019-9692 (MEDIUM, CVSS 6.5): CMS Made Simple < 2.2.10 - Unrestricted File Upload via Watermark Image Extension Bypass
CVE-2019-9185 (HIGH, CVSS 8.8): Bolt < 3.6.5 - Remote Code Execution via File Rename to .php Extension
CVE-2019-9623 (CRITICAL, CVSS 9.8): Feng Office 3.7.0.5 - Unauthenticated Remote Code Execution via .shtml File Upload
CVE-2019-9617 (HIGH, CVSS 8.8): OFCMS < 1.1.3 - Remote Code Execution via Alternate Data Stream Bypass
CVE-2019-9613 (HIGH, CVSS 7.2): ofcms < 1.1.3 - Remote Code Execution via Alternate Data Stream Upload
CVE-2019-9612 (HIGH, CVSS 8.8): ofcms < 1.1.3 - Remote Code Execution via File Upload with Alternate Data Stream