CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,133 vulnerabilities with CWE-434
CVE-2019-9609
HIGH
ofcms < 1.1.3 - Remote Code Execution via File Upload Bypass
CVSS 8.8
CVE-2019-9608
HIGH
ofcms < 1.1.3 - Remote Code Execution via File Upload with Alternate Data Stream
CVSS 8.8
CVE-2019-9581
HIGH
phpscheduleit Booked Scheduler <2.7.5 - RCE
CVSS 8.8
CVE-2019-9572
HIGH
SchoolCMS 2.3.1 - Unauthenticated Arbitrary PHP File Upload via Theme Upload Feature
CVSS 7.2
CVE-2019-9181
HIGH
SchoolCMS 2.3.1 - Unauthenticated Arbitrary File Upload via Logo Upload Feature
CVSS 7.2
CVE-2019-9050
HIGH
Pluck 4.7.9-dev1 - Authenticated Remote Code Execution via Module Install ZIP Upload
CVSS 7.2
CVE-2019-9042
HIGH
Sitemagic CMS - Unrestricted Upload of File with Dangerous Type via SMFiles URI
CVSS 7.2
CVE-2019-8942
HIGH
WordPress < 4.9.9 and 5.x < 5.0.1 - Authenticated Remote Code Execution via Image Metadata
CVSS 8.8
CVE-2019-8933
HIGH
DedeCMS 5.7SP2 - Unauthenticated Arbitrary File Upload via Template Management
CVSS 8.8
CVE-2019-8433
HIGH
JTBC(PHP) 3.0.1.8 - Arbitrary File Upload via File Management Console
CVSS 7.5
CVE-2019-8394
MEDIUM
KEV
ManageEngine ServiceDesk Plus < 10.0 - Unauthenticated Arbitrary File Upload via Login Page Customization
CVSS 6.5
CVE-2019-8362
HIGH
DedeCMS <= V5.7SP2 - Arbitrary File Upload via album_edit.php ZIP Archive
CVSS 7.5
CVE-2019-0259
CRITICAL
SAP BusinessObjects 4.2-4.3 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2019-7721
HIGH
nc-cms 3.5 - Unrestricted Upload of File with Dangerous Type via index.php editordata Parameter
CVSS 7.5
CVE-2019-7684
CRITICAL
inxedu <2018-12-24 - Code Injection
CVSS 9.8
CVE-2019-6139
CRITICAL
Forcepoint User ID < 1.3.0 - Remote Arbitrary File Upload via TCP Port 5001
CVSS 9.8
CVE-2019-0017
MEDIUM
Junos Space - Unrestricted Upload of File with Dangerous Type via Device Image Upload
CVSS 6.5
CVE-2019-5009
HIGH
vtiger CRM < 7.1.0 - Unauthenticated Remote Code Execution via PHP3 Logo Upload Bypass
CVSS 7.2
CVE-2018-25436
CRITICAL
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 Arbitrary File Upload
CVSS 9.8
CVE-2018-25409
HIGH
SIM-PKH 2.4.1 - Arbitrary File Upload via aksi_pengurus.php
CVSS 8.8
CVE-2018-25388
HIGH
HaPe PKH 1.1 Arbitrary File Upload via aksi_foto.php
CVSS 8.8
CVE-2018-25258
HIGH
RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass
CVSS 8.4
CVE-2018-25171
HIGH
EdTv 2 - Unauthenticated SQL Injection via 'id' Parameter
CVSS 8.2
CVE-2018-25168
MEDIUM
Precurio Intranet Portal 2.0 - CSRF
CVSS 4.3
CVE-2018-25162
MEDIUM
2-Plan Team 1.0.4 - Authenticated RCE
CVSS 6.5
Details
Vulnerabilities: 4,133
Exploit Likelihood: Medium