VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

BaseDraftLikelihood: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

page 21 of 84
  • CVE-2018-16731CriSep 8, 2018
    risk 0.64cvss 9.8epss 0.01

    CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.

  • CVE-2018-0645CriSep 7, 2018
    risk 0.64cvss 9.8epss 0.02

    MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors.

  • CVE-2018-16370CriSep 3, 2018
    risk 0.64cvss 9.8epss 0.02

    In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive.

  • CVE-2018-16352CriSep 2, 2018
    risk 0.64cvss 9.8epss 0.01

    There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used.

  • CVE-2018-14441CriJul 20, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin/fileUploadAction_fileUpload.action allows arbitrary file upload, as demonstrated by a .jsp file with the image/jpeg content type.

  • CVE-2018-14334CriJul 17, 2018
    risk 0.64cvss 9.8epss 0.02

    manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to…

  • CVE-2016-9492CriJul 13, 2018
    risk 0.64cvss 9.8epss 0.03

    The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include…

  • CVE-2018-12426CriJul 2, 2018
    risk 0.64cvss 9.8epss 0.05

    The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type.

  • CVE-2018-13038CriJul 1, 2018
    risk 0.64cvss 9.8epss 0.02

    OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type.

  • CVE-2018-12914CriJun 27, 2018
    risk 0.64cvss 9.8epss 0.04

    A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.

  • CVE-2018-1000544CriJun 26, 2018
    risk 0.64cvss 9.8epss 0.04

    rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can…

  • CVE-2018-11221CriJun 16, 2018
    risk 0.64cvss 9.8epss 0.05

    Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system.

  • CVE-2018-12491CriJun 15, 2018
    risk 0.64cvss 9.8epss 0.02

    PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944.

  • CVE-2018-12051CriJun 8, 2018
    risk 0.64cvss 9.8epss 0.03

    Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type.

  • CVE-2018-12045CriJun 8, 2018
    risk 0.64cvss 9.8epss 0.01

    DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.

  • CVE-2018-10648CriMay 23, 2018
    risk 0.64cvss 9.8epss 0.01

    There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

  • CVE-2018-7505CriMay 15, 2018
    risk 0.64cvss 9.8epss 0.03

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the…

  • CVE-2018-10469CriApr 27, 2018
    risk 0.64cvss 9.8epss 0.02

    b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI.

  • CVE-2018-10375CriApr 25, 2018
    risk 0.64cvss 9.8epss 0.01

    A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpeg" is…

  • CVE-2015-9259CriMar 31, 2018
    risk 0.64cvss 9.8epss 0.01

    In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to…