CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,134 vulnerabilities with CWE-434
CVE-2018-11523 CRITICAL
NUUO NVRmini 2 Firmware < 3.6.5 - Arbitrary File Upload via upload.php
CVSS 9.8
CVE-2018-11514 HIGH
Naukri Clone Script < 3.0.3 - Unrestricted File Upload via edit_resume_det.php
CVSS 8.8
CVE-2018-6411 CRITICAL
MachForm - Unrestricted Upload of File with Dangerous Type via SQL Injection in ap_form_elements
CVSS 9.8
CVE-2018-11494 HIGH
OpenCart < 3.0.2.0 - Arbitrary Code Execution via Program Extension Upload Directory Traversal
CVSS 8.0
CVE-2018-10648 CRITICAL
Citrix XenMobile Server < 10.8 - Unauthenticated File Upload
CVSS 9.8
CVE-2018-11322 HIGH
Joomla! < 3.8.8 - Unrestricted Upload of PHAR Files
CVSS 7.5
CVE-2018-11345 HIGH
ASUSTOR AS6202T ADM < 3.1.0.RFQ3 - Unrestricted File Upload and Path Traversal via upload.cgi filename Parameter
CVSS 8.8
CVE-2018-11340 HIGH
ASUSTOR AS6202T ADM < 3.1.0.RFQ3 - Unauthenticated Arbitrary File Upload via importuser.cgi
CVSS 7.2
CVE-2018-11331 CRITICAL
Pluck < 4.7.6 - Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2018-4921 MEDIUM
Adobe Connect < 9.7 - Unrestricted SWF File Upload
CVSS 6.1
CVE-2018-10760 HIGH
ProjectPier < 0.8.8 - Authenticated Arbitrary PHP File Upload via Files Plugin
CVSS 8.8
CVE-2018-7505 CRITICAL
Advantech Webaccess < 8.2_20170817 - Unrestricted File Upload
CVSS 9.8
CVE-2018-11098 HIGH
Frog CMS 0.9.5 - Unauthenticated Unrestricted File Upload via File Manager Plugin
CVSS 7.2
CVE-2018-11091 CRITICAL
MyBiz MyProcureNet 5.0.0 - Unauthenticated Arbitrary File Upload
CVSS 9.9
CVE-2018-0587 MEDIUM
Ultimatemember User Profile & Membership - Unrestricted File Upload
CVSS 4.3
CVE-2018-0568 HIGH
SiteBridge Joruri Gw < 3.2.0 - Authenticated Arbitrary PHP Code Execution via File Upload
CVSS 8.8
CVE-2018-10942 CRITICAL
Attribute Wizard 1.6.9 - Unauthenticated Remote Code Execution via .phtml File Upload
CVSS 9.8
CVE-2018-2420 MEDIUM
SAP Internet Graphics Server 7.20, 7.20EXT, 7.45, 7.49, 7.53 - Unrestricted Upload of File with Dangerous Type
CVSS 6.5
CVE-2018-10795 HIGH
Liferay Portal < 6.2.5 - Authenticated Unrestricted Upload of File with Dangerous Type via FCKeditor Configuration
CVSS 8.8
CVE-2018-0258 CRITICAL
Cisco Prime DCNM & Infrastructure - Path Traversal & Arbitrary File Write via File Upload
CVSS 9.8
CVE-2018-10577 HIGH
WatchGuard AP100-AP200/AP300 <1.2.9.15/<2.0.0.10 - RCE
CVSS 8.8
CVE-2018-10521 LOW
CMS Made Simple < 2.2.7 - Authenticated Arbitrary File Movement via Admin Dashboard File Move Operation
CVSS 2.7
CVE-2018-10469 CRITICAL
b3log Symphony 2.6.0 - Unauthenticated Arbitrary JSP File Upload via /upload name[] Parameter
CVSS 9.8
CVE-2018-10375 CRITICAL
DedeCMS V5.7 SP2 - Unrestricted File Upload via archives_do.php litpic Parameter
CVSS 9.8
CVE-2018-10173 HIGH
Digital Guardian Management Console 7.1.2.0015 - Authenticated RCE
CVSS 8.8