CWE-434
Unrestricted Upload of File with Dangerous Type
Description
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-1
CVEs mapped to this weakness (1,669)
page 55 of 84

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-3375 | — | High | 0.47 | 7.2 | 0.01 | — | Sep 5, 2023 | Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection. This issue affects Bookreen: before 3.0.0. |
| CVE-2023-24249 | — | High | 0.47 | 7.2 | 0.02 | — | Feb 27, 2023 | An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-42092 | — | High | 0.47 | 7.2 | 0.01 | — | Oct 7, 2022 | Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution. Note: Third parties dispute this and argue that advanced permissions are required. |
| CVE-2021-41938 | — | High | 0.47 | 7.2 | 0.01 | — | May 19, 2022 | An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitrary file upload vulnerability in three locations. |
| CVE-2021-44255 | — | High | 0.47 | 7.2 | 0.03 | — | Jan 31, 2022 | Authenticated remote code execution in MotionEye <= 0.42.1 and MotioneEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server. |
| CVE-2021-40324 | — | High | 0.47 | 7.5 | 0.69 | — | Oct 4, 2021 | Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. |
| CVE-2021-23394 | — | High | 0.47 | 8.1 | 0.19 | — | Jun 13, 2021 | The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP. |
| CVE-2020-22643 | — | High | 0.47 | 7.2 | 0.02 | — | Jan 26, 2021 | Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files. |
| CVE-2019-16530 | — | High | 0.47 | 7.2 | 0.03 | — | Oct 21, 2019 | Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution. |
| CVE-2018-18942 | — | High | 0.47 | 7.2 | 0.02 | — | Nov 5, 2018 | In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. |
| CVE-2018-14911 | — | High | 0.47 | 7.2 | 0.01 | — | Aug 3, 2018 | A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain… |
| CVE-2018-11638 | — | High | 0.47 | 7.2 | 0.04 | — | Jul 3, 2018 | Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution. |
| CVE-2018-13024 | — | High | 0.47 | 7.2 | 0.01 | — | Jun 29, 2018 | Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action. |
| CVE-2018-13021 | — | High | 0.47 | 7.2 | 0.02 | — | Jun 29, 2018 | An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI. |
| CVE-2018-1265 | — | High | 0.47 | 7.2 | 0.02 | — | Jun 6, 2018 | Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps… |
| CVE-2018-11340 | — | High | 0.47 | 7.2 | 0.02 | — | May 22, 2018 | An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed. |
| CVE-2018-11098 | — | High | 0.47 | 7.2 | 0.01 | — | May 15, 2018 | An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912. |
| CVE-2018-9153 | — | High | 0.47 | 7.2 | 0.01 | — | Apr 16, 2018 | The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component… |
| CVE-2018-7567 | — | High | 0.47 | 7.2 | 0.05 | — | Mar 4, 2018 | In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a… |
| CVE-2017-9970 | — | High | 0.47 | 7.2 | 0.05 | — | Feb 12, 2018 | A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. Uploading a zip which contains carefully crafted metadata allows for the file to be uploaded to any directory on the host machine information which could lead to… |