CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,137 vulnerabilities with CWE-434
CVE-2017-11405 MEDIUM
CMS Made Simple 2.2.2 - Authenticated Arbitrary File Upload via FilePicker Type Manipulation
CVSS 4.9
CVE-2017-11404 MEDIUM
CMS Made Simple 2.2.2 - Authenticated Arbitrary File Upload via FileManager
CVSS 4.9
CVE-2017-1000081 CRITICAL
ONOS 1.9.0 - Unauthenticated Remote Code Execution via Application Upload
CVSS 9.8
CVE-2017-6041 CRITICAL
Marel M3000/M3210 Terminal and Desktop Software - Unrestricted Firmware Upload
CVSS 9.8
CVE-2017-9840 HIGH
Dolibarr ERP/CRM <5.0.3 - Code Injection
CVSS 8.8
CVE-2017-4990 CRITICAL
EMC Avamar Server Software <7.4.1-58 - RCE
CVSS 9.8
CVE-2017-9380 HIGH
OpenEMR < 5.0.0 - Authenticated Arbitrary File Upload and Remote Code Execution
CVSS 8.8
CVE-2017-9364 CRITICAL
BigTree CMS <4.2.18 - Code Injection
CVSS 9.8
CVE-2017-9101 CRITICAL
PlaySMS 1.4 - Remote Code Execution
CVSS 9.8
CVE-2017-9080 HIGH
PlaySMS 1.4 - Remote Code Execution
CVSS 8.8
CVE-2017-6027 CRITICAL
CODESYS Web Server < 2.3 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2017-9069 HIGH
MODX Revolution <2.5.7 - Code Injection
CVSS 8.8
CVE-2017-8080 HIGH
Hipchat Server < 2.2.3 - Authenticated Remote Code Execution via Image Upload
CVSS 8.8
CVE-2017-7989 MEDIUM
Joomla! 3.2.0-3.6.5 - Unrestricted Upload of Dangerous File Type via Inadequate MIME Check
CVSS 6.5
CVE-2017-7357 CRITICAL
Hipchat Server < 2.2.3 - Authenticated Remote Code Execution via File Import
CVSS 9.1
CVE-2017-7281 HIGH
Unitrends Enterprise Backup <9.1.2 - RCE
CVSS 8.8
CVE-2017-7695 CRITICAL
BigTree CMS <4.2.17 - Code Injection
CVSS 9.8
CVE-2017-6104 HIGH
WordPress Plugin Mobile App Native 3.0 - Remote File Upload
CVSS 7.5
CVE-2017-5520 HIGH
GeniXCMS < 0.0.8 - Unrestricted Upload of File with Dangerous Type via Media Rename Feature
CVSS 8.8
CVE-2016-20052 CRITICAL
Snews CMS 1.7 - Unrestricted File Upload via snews_files
CVSS 9.8
CVE-2016-15046 HIGH
Hanwha Smart Security Manager 1.32 and 1.4 - Remote Code Execution via Apache ActiveMQ PUT Method
CVE-2016-15043 CRITICAL
WP Mobile Detector <3.5 - File Upload
CVSS 9.8
CVE-2016-15042 CRITICAL
WordPress <4.0, WordPress <1.1 - Unauthenticated RCE
CVSS 9.8
CVE-2016-15033 CRITICAL
WordPress Delete All Comments <2.0 - File Upload
CVSS 9.8
CVE-2016-6918 CRITICAL
Lexmark Markvision Enterprise < 2.4.1 - Remote Code Execution via File Upload
CVSS 9.8