CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,133 vulnerabilities with CWE-434
CVE-2018-19126 CRITICAL
PrestaShop 1.6.0.1-1.6.1.22 - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2018-9208 CRITICAL
jQuery Picture Cut <= 1.1Beta - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2018-18942 HIGH
baserCMS < 4.1.4 - Remote Code Execution via Theme Config Logo Upload
CVSS 7.2
CVE-2018-18934 CRITICAL
PopojiCMS 2.0.1 - Unauthenticated Arbitrary File Upload via fupload Parameter
CVSS 9.8
CVE-2018-1552 MEDIUM
IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 - Unrestricted Upload of File with Dangerous Type
CVSS 5.5
CVE-2018-18888 CRITICAL
laravelcms < 2018-04-02 - Arbitrary PHP File Upload via Profile Controller
CVSS 9.8
CVE-2018-18874 CRITICAL
nc-cms < 2017-03-10 - Remote Code Execution via File Manager Upload
CVSS 9.8
CVE-2018-18830 CRITICAL
MCMS 4.6.5 - Unauthenticated Arbitrary File Upload via FileAction.java
CVSS 9.8
CVE-2018-18771 HIGH
lulu_cms < 2015-05-14 - Unauthenticated Arbitrary File Upload via File Manager
CVSS 7.5
CVE-2018-18752 CRITICAL
Webiness Inventory 2.3 - Arbitrary File Upload via Logo Parameter
CVSS 9.8
CVE-2018-18475 CRITICAL
Zoho ManageEngine OpManager < 12.3 build 123214 - Unrestricted Arbitrary File Upload
CVSS 9.8
CVE-2018-18382 HIGH
Advanced HRM 1.6 - Remote Code Execution via User Avatar Upload
CVSS 8.8
CVE-2018-18315 HIGH
mossle lemon 1.9.0 - Unrestricted Upload of File with Dangerous Type via CdnController
CVSS 7.5
CVE-2018-9206 CRITICAL
Blueimp jQuery-File-Upload <=9.22.0 - File Upload
CVSS 9.8
CVE-2018-18086 HIGH
EmpireCMS 7.5 - Authenticated Arbitrary File Upload via LoadInMod Function
CVSS 8.8
CVE-2018-17442 HIGH
D-Link Central WiFi Manager <1.03r0100-Beta1 - RCE
CVSS 8.8
CVE-2018-17440 CRITICAL
D-Link Central WiFi Manager <1.03r0100-Beta1 - RCE
CVSS 9.8
CVE-2018-15424 MEDIUM
Cisco Identity Services Engine - Authenticated Remote Command Execution via Unrestricted File Upload
CVSS 4.7
CVE-2018-17553 HIGH
Navigate CMS 2.8 - Authenticated Remote Code Execution via Directory Traversal in navigate_upload.php
CVSS 8.8
CVE-2018-17573 CRITICAL
WP-Insert < 2.4.2 - Arbitrary File Upload via FCKeditor File Manager
CVSS 9.8
CVE-2018-17055 HIGH
Progress Sitefinity CMS <11.0 - File Upload
CVSS 7.5
CVE-2018-15961 CRITICAL KEV
Adobe ColdFusion July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier - Unrestricted File Upload
CVSS 9.8
CVE-2018-16821 MEDIUM
SeaCMS 6.64 - Unauthenticated Arbitrary Directory Listing via admin_template.php Path Parameter
CVSS 5.3
CVE-2018-17139 HIGH
UltimatePOS 2.5 - Unauthenticated Remote Code Execution via Arbitrary File Upload
CVSS 8.8
CVE-2018-16287 CRITICAL
LG SuperSign CMS - Unrestricted Upload of File with Dangerous Type via signEzUI Playlist Upload
CVSS 9.8