CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,021 vulnerabilities with CWE-434
CVE-2017-15957 HIGH
Ingenious School Management System - Unrestricted File Upload
CVSS 8.8
CVE-2017-15580 CRITICAL
Osticket - Unrestricted File Upload
CVSS 9.8
CVE-2017-1000119 HIGH
October CMS <build 412 - Code Injection
CVSS 7.2
CVE-2017-12617 HIGH KEV
Apache Tomcat < 7.0.82 - Unrestricted File Upload
CVSS 8.1
CVE-2017-6090 HIGH
Phpcollab < 2.5.1 - Unrestricted File Upload
CVSS 8.8
CVE-2017-14958 HIGH
Pivotx - Unrestricted File Upload
CVSS 7.2
CVE-2017-13982 HIGH
HPE BSM <9.26-9.40 - Path Traversal
CVSS 8.8
CVE-2017-14841 MEDIUM
Mojoomla AMC - Arbitrary File Upload
CVSS 6.5
CVE-2017-14840 HIGH
TeamWork TicketPlus - Code Injection
CVSS 8.8
CVE-2017-14839 HIGH
TeamWork Photo Fusion - Arbitrary File Upload
CVSS 8.8
CVE-2017-14838 HIGH
TeamWork Job Links - Path Traversal
CVSS 8.8
CVE-2017-14704 HIGH
Claydip Laravel Airbnb Clone 1.0 - RCE
CVSS 8.8
CVE-2017-14079 HIGH
Trend Micro Mobile Security <9.7.3 - RCE
CVSS 8.8
CVE-2017-12929 HIGH
Tecnovision Dlx Spot Player4 - Unrestricted File Upload
CVSS 8.8
CVE-2017-12615 HIGH KEV
Apache Tomcat < 7.0.79 - Unrestricted File Upload
CVSS 8.1
CVE-2017-1002016 CRITICAL
WordPress Plugin Flickr-Picture-Backup <0.7 - Unauthenticated RCE
CVSS 9.8
CVE-2017-1002008 CRITICAL
Membership Simplified - Unrestricted File Upload
CVSS 9.8
CVE-2017-1002003 CRITICAL
Wp2android-turn-wp-site-into-android-app - Unrestricted File Upload
CVSS 9.8
CVE-2017-1002002 CRITICAL
WordPress Plugin Webapp-Builder v2.0 - Info Disclosure
CVSS 9.8
CVE-2017-1002001 CRITICAL
WordPress Plugin Mobile-App-Build By Wappress <1.05 - Info Disclosure
CVSS 9.8
CVE-2017-1002000 CRITICAL
Mobile-friendly-app-builder-by-easytouch - Unrestricted File Upload
CVSS 9.8
CVE-2017-14399 HIGH
BlackCat CMS 1.2.2 - File Upload
CVSS 8.8
CVE-2017-14346 CRITICAL
tianchoy/blog <2017-09-12 - RCE
CVSS 9.8
CVE-2017-14251 HIGH
TYPO3 7.6.0-7.6.21, 8.0.0-8.7.4 - RCE
CVSS 8.8
CVE-2017-14123 HIGH
Zoho ManageEngine Firewall Analyzer 12200 - RCE
CVSS 8.8