CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
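The entries below show the recurring ways an upload filter gets past: suffix and double-extension tricks, PHP code carried inside a PNG body, PHAR files, and ZIP archives whose members land in the web root. The following is an added example written for this page (not code from any product listed here) of the server-side checks that close those paths: an extension allowlist rather than a denylist, every dotted segment of the name checked for executable extensions, NUL truncation handled, the body's magic bytes matched against the declared type, code markers rejected inside image bodies, every archive member inspected before extraction, and a server-generated storage name. The function and constant names, the size limit and the sample inputs are all assumptions made for the example.

```python
import io
import os
import secrets
import zipfile

# Allowlist: extension the application needs -> magic bytes the body must start with.
ALLOWED = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",
}
# Server-executable extensions that may not appear in ANY dotted segment of a
# name (shell.php.png, shell.phtml); compared case-insensitively.
EXECUTABLE = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps",
              "pht", "cgi", "pl", "py", "jsp", "asp", "aspx", "sh", "htaccess"}
CODE_MARKERS = (b"<?php", b"<?=", b"<script", b"#!")  # code hidden in an "image"
MAX_BYTES = 5 * 1024 * 1024  # assumed limit for this example


class UploadRejected(ValueError):
    """Raised for any upload that fails validation; the caller discards it."""


def _name_parts(name):
    """Basename of the client-supplied name, NUL-truncated, split on dots (lowercased)."""
    base = os.path.basename(name.replace("\\", "/")).split("\x00", 1)[0]
    return base, base.lower().split(".")


def check_name(name, nested=False):
    """Return the allowlisted extension of `name`, or raise UploadRejected."""
    base, parts = _name_parts(name)
    if not base or len(parts) < 2 or not parts[0]:
        raise UploadRejected(f"{name!r}: missing extension or dotfile")
    ext = parts[-1]
    if ext not in ALLOWED or (nested and ext == "zip"):
        raise UploadRejected(f"{name!r}: extension .{ext} not in allowlist")
    for seg in parts[:-1]:
        if seg in EXECUTABLE:
            raise UploadRejected(f"{name!r}: executable segment .{seg} in name")
    return ext


def check_body(ext, data):
    """The bytes must match the declared type and, for images, carry no script."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected(f"body does not start with the .{ext} signature")
    if ext != "zip" and any(m in data for m in CODE_MARKERS):
        raise UploadRejected("server-side code marker inside file body")


def check_archive(data):
    """Inspect every member of a ZIP upload before anything is extracted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith("/") or "\\" in name or ".." in name.split("/"):
                raise UploadRejected(f"{name!r}: path traversal in archive member")
            if ((info.external_attr >> 16) & 0o170000) == 0o120000:
                raise UploadRejected(f"{name!r}: symlink in archive")
            if info.is_dir():
                continue
            if info.file_size > MAX_BYTES:
                raise UploadRejected(f"{name!r}: member too large")
            check_body(check_name(name, nested=True), zf.read(info))


def validate_upload(client_name, data):
    """Validate and return the server-chosen storage name (never the client's)."""
    ext = check_name(client_name)
    check_body(ext, data)
    if ext == "zip":
        check_archive(data)
    # Random name with the allowlisted extension; store it where the web server
    # serves files statically (no script handler) or outside the web root.
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed sample inputs for the demonstration (not real uploads).
PNG = b"\x89PNG\r\n\x1a\n" + bytes(24)
WEBSHELL = b"<?php system($_GET['c']); ?>"


def make_zip(members):
    """Build an in-memory ZIP from (name, bytes) pairs; constructed test data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members:
            zf.writestr(name, body)
    return buf.getvalue()


def verdict(client_name, data):
    """Return 'accepted' or 'rejected: <reason>' for one upload."""
    try:
        validate_upload(client_name, data)
        return "accepted"
    except (UploadRejected, zipfile.BadZipFile) as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    for name, body in [
        ("avatar.png", PNG),
        ("shell.php", WEBSHELL),
        ("shell.php.png", PNG),                 # double extension
        ("shell.php\x00.png", PNG),             # NUL truncation
        ("avatar.png", PNG + WEBSHELL),         # PHP inside a PNG body
        (".htaccess", b"AddType application/x-httpd-php .png"),
        ("theme.zip", make_zip([("img/a.png", PNG)])),
        ("theme.zip", make_zip([("../../shell.php", WEBSHELL)])),
        ("theme.zip", make_zip([("plugin/index.php", WEBSHELL)])),
    ]:
        print(f"{name!r:24} -> {verdict(name, body)}")
```

Two points the checks do not replace: the upload directory must be served without a script handler (or sit outside the web root), because a polyglot that passes a signature check is still harmless only if nothing executes it, and the filetype allowlist must live on the server, not in a request parameter the client can rewrite.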

4,133 vulnerabilities with CWE-434 (25 listed below)

CVE-2018-16796    HIGH      CVSS 8.8  HiScout GRC Suite <3.1.5 - File Upload
CVE-2018-16974    CRITICAL  CVSS 9.8  Elefant CMS <2.0.7 - Code Injection
CVE-2018-16388    HIGH      CVSS 7.2  e107 2.1.8 - Unauthenticated Arbitrary PHP File Upload via plupload
CVE-2018-16731    CRITICAL  CVSS 9.8  CScms 4.1 - Unauthenticated Arbitrary File Upload via Filetype List Manipulation
CVE-2018-0645     CRITICAL  CVSS 9.8  MTAppjQuery <= 1.8.1 - Remote Code Execution via Unrestricted File Upload
CVE-2018-1000658  HIGH      CVSS 8.8  LimeSurvey < 3.14.4 - Authenticated Remote Code Execution via Malicious ZIP Archive Upload
CVE-2018-16397    MEDIUM    CVSS 4.9  LimeSurvey < 3.14.7 - Authenticated Arbitrary File Read via File Upload Question
CVE-2018-16373    MEDIUM    CVSS 4.9  Frog CMS 0.9.5 - Unauthenticated Arbitrary File Upload via File Manager Plugin
CVE-2018-16370    CRITICAL  CVSS 9.8  PESCMS Team 2.2.1 - Unauthenticated Arbitrary PHP File Upload via ZIP Archive
CVE-2018-16352    CRITICAL  CVSS 9.8  WeaselCMS 0.3.6 - Unauthenticated PHP Code Upload via PNG File
CVE-2018-15882    CRITICAL  CVSS 9.8  Joomla! < 3.8.12 - Unrestricted Upload of File with Dangerous Type via PHAR File Bypass
CVE-2018-3832     CRITICAL  CVSS 9.0  Insteon Hub 2245-222 Firmware 1013 - Unrestricted Firmware Upload via MPFS Binary
CVE-2018-1000646  HIGH      CVSS 8.8  LibreHealthIO LH-EHR REL-2.0.0 - Auth Bypass
CVE-2018-15573    HIGH      CVSS 8.8  Reprise License Manager < 16.1 - Unauthenticated Arbitrary File Write via /goform/edit_lf_process
CVE-2018-12256    HIGH      CVSS 8.8  LiteCart <2.1.3 - Authenticated RCE
CVE-2018-15139    HIGH      CVSS 8.8  OpenEMR < 5.0.1.4 - Authenticated Arbitrary PHP File Upload via Site Files Manager
CVE-2018-14028    HIGH      CVSS 7.2  WordPress 4.9.7 - Authenticated Unrestricted PHP File Upload via Plugin Uploader
CVE-2018-15137    CRITICAL  CVSS 9.8  CeLa Link CLR-M20 - Unauthenticated Remote Code Execution via WebDAV PUT Method
CVE-2018-14857    HIGH      CVSS 8.8  OCS Inventory NG OCS Inventory Server < 2.5 - Authenticated Remote Code Execution via Unrestricted File Upload
CVE-2018-14911    HIGH      CVSS 7.2  ukcms < 1.1.7 - Authenticated Arbitrary File Upload via Upload File Suffix Bypass
CVE-2018-12468    CRITICAL  CVSS 9.1  Micro Focus GroupWise <18.0.2 - RCE
CVE-2018-12940    HIGH      CVSS 8.8  SeedDMS < 5.1.8 - Authenticated Remote Code Execution via Unrestricted File Upload
CVE-2018-14570    HIGH      CVSS 8.8  Niushop B2C Multi-business basic V1.11 - RCE
CVE-2018-14441    CRITICAL  CVSS 9.8  cckevincyh SSH CompanyWebsite <2018-05-03 - File Upload
CVE-2018-14334    CRITICAL  CVSS 9.8  joyplus-cms 1.6.0 - Unauthenticated Arbitrary File Upload via editor/upload.php