CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,134 vulnerabilities with CWE-434
CVE-2018-14334 CRITICAL
joyplus-cms 1.6.0 - Unauthenticated Arbitrary File Upload via editor/upload.php
CVSS 9.8
CVE-2018-13981 CRITICAL
Zeta Producer Desktop CMS < 14.2.1 - Unauthenticated Remote Code Execution via PHP File Upload
CVSS 9.8
CVE-2018-12980 HIGH
WAGO e!DISPLAY 762-3000/3001/3002/3003 < FW 02 - Authenticated Arbitrary File Upload
CVSS 8.8
CVE-2018-1000619 HIGH
Ovidentia <8.4.3 - Authenticated RCE
CVSS 8.8
CVE-2018-11638 HIGH
Dialogic PowerMedia XMS <= 3.5 - Authenticated Unrestricted File Upload
CVSS 7.2
CVE-2018-12426 CRITICAL
WP Live Chat Support Pro <8.0.07 - RCE
CVSS 9.8
CVE-2018-12528 HIGH
Intex N150 Firmware - Unrestricted Upload of Dangerous File Type via Backup/Restore Function
CVSS 8.1
CVE-2018-13038 CRITICAL
OpenSID 18.06-pasca - Unrestricted File Upload via Article Attachment
CVSS 9.8
CVE-2018-13024 HIGH
Metinfo v6.0.0 - Unauthenticated Arbitrary PHP File Upload via admin/column/save.php Module Parameter
CVSS 7.2
CVE-2018-13021 HIGH
HongCMS 3.0.0 - Unauthenticated Arbitrary File Upload via Template Upload Endpoint
CVSS 7.2
CVE-2018-12914 CRITICAL
PublicCMS V4.0.20180210 - Remote Code Execution via ZIP Archive Directory Traversal
CVSS 9.8
CVE-2018-1000544 CRITICAL
rubyzip < 1.2.1 - Directory Traversal and Arbitrary File Write via Zip::File Component
CVSS 9.8
CVE-2018-0571 MEDIUM
baserCMS 3.0.0-3.0.15 and 4.0.0-4.1.0.1 - Authenticated Arbitrary File Upload
CVSS 4.3
CVE-2018-12519 HIGH
ShopNx through 2017-11-17 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2018-11221 CRITICAL
Artica Pandora FMS <= 7.23 - Unauthenticated Arbitrary File Upload via Update Manager
CVSS 9.8
CVE-2018-12491 CRITICAL
PHPOK 4.9.032 - Arbitrary File Upload via Import Function
CVSS 9.8
CVE-2018-12263 HIGH
portfolioCMS 1.0.5 - Code Injection
CVSS 8.8
CVE-2018-1453 HIGH
IBM Security Identity Manager Virtual Appliance 7.0 - File Upload
CVSS 8.8
CVE-2018-12051 CRITICAL
PHP Scripts Mall Schools Alert Mgmt - RCE
CVSS 9.8
CVE-2018-12045 CRITICAL
dedecms <= V5.7SP2 - Arbitrary File Upload via upfile1 Parameter
CVSS 9.8
CVE-2018-3758 HIGH
express-cart < 1.1.7 - Authenticated Path Traversal and Remote Code Execution
CVSS 8.8
CVE-2018-1265 HIGH
Cloudfoundry Cf-deployment < 1.37.0 - Unrestricted File Upload
CVSS 7.2
CVE-2018-11736 CRITICAL
Pluck < 4.7.7-dev2 - Unauthenticated Arbitrary PHP File Upload via .htaccess MIME Type Bypass
CVSS 9.8
CVE-2018-11196 HIGH
Mahara 17.04.0-17.04.7, 17.10.0-17.10.4, 18.04.0 - Unrestricted Upload of File with Dangerous Type via Leap2A Archive
CVSS 7.5
CVE-2018-11392 HIGH
PHP Login & User Management < 4.1.1 - Authenticated Arbitrary File Upload via Profile Avatar
CVSS 8.8