VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

Abstraction: Base
Status: Draft
Likelihood of exploit: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
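The weakness is easiest to see as two upload handlers side by side. The block below is an added example written for this page, not code from the CWE entry or from any of the projects listed further down. `weak_check` is the pattern behind several of those entries: it trusts the client-supplied Content-Type and a short denylist of extensions, so a request body renamed to `.phar` (or carrying a double extension) is accepted. `validate_upload` keeps an allowlist of extensions, checks the body's magic bytes against that extension, ignores the declared MIME type entirely, refuses NUL bytes and path components in the name, and hands back an extension for a server-chosen random filename. All function names, the allowlist, and the sample uploads are constructed for illustration.

```python
"""Added example for CWE-434: a vulnerable upload check next to a hardened one.
Not taken from any project listed on this page; names and samples are constructed."""
import os
import re
import secrets

# Allowlist: storable extension -> magic-byte prefixes the body must start with.
# Executable extensions (.php, .phar, .phtml, .jsp, ...) are simply absent.
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
MAX_BYTES = 5 * 1024 * 1024
_EXT_RE = re.compile(r"[a-z0-9]{1,5}")


class UploadRejected(ValueError):
    """Raised when an upload fails a check; the caller should log and refuse."""


def weak_check(client_name: str, declared_mime: str) -> bool:
    """The vulnerable pattern: trust the attacker-controlled Content-Type header
    and a denylist of extensions. A body declared as image/png whose filename
    was changed to shell.phar passes, because .phar is not on the denylist."""
    blocked = (".php", ".php5", ".exe")
    return declared_mime.startswith("image/") and not client_name.lower().endswith(blocked)


def validate_upload(client_name: str, declared_mime: str, data: bytes) -> str:
    """Hardened check. Returns the extension to store the file under, or raises.

    declared_mime is accepted only to make the point that it is never consulted:
    it comes from the request, exactly like the filename, and proves nothing.
    """
    del declared_mime  # intentionally unused
    if not data:
        raise UploadRejected("empty body")
    if len(data) > MAX_BYTES:
        raise UploadRejected("body exceeds size limit")

    # Normalise the name: drop directory components (either separator) and refuse
    # NUL, which some runtimes truncate at ("shell.php\x00.png").
    base = os.path.basename(client_name.replace("\\", "/"))
    if not base or "\x00" in base:
        raise UploadRejected("invalid file name")

    # Only the final extension counts, lowercased, and it must be allowlisted.
    # "shell.php.png" therefore yields "png" and must then look like a PNG.
    ext = base.rsplit(".", 1)[1].lower() if "." in base else ""
    if not _EXT_RE.fullmatch(ext) or ext not in ALLOWED:
        raise UploadRejected(f"extension {ext!r} not allowed")

    # The body must match the extension by magic bytes, not by header.
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    return ext


def is_accepted(client_name: str, declared_mime: str, data: bytes) -> bool:
    """Yes/no wrapper around validate_upload for callers that only need a verdict."""
    try:
        validate_upload(client_name, declared_mime, data)
        return True
    except UploadRejected:
        return False


def storage_name(ext: str) -> str:
    """Server-chosen name: random, single extension, no user-controlled bytes.
    Write it outside the web root (or to a bucket served as static data) so a
    polyglot that passes the magic-byte check is still never executed."""
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed sample uploads (not real captures).
PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PHP_PAYLOAD = b"<?php system($_GET['c']); ?>"

if __name__ == "__main__":
    print("weak accepts shell.phar:", weak_check("shell.phar", "image/png"))
    print("hardened accepts shell.phar:", is_accepted("shell.phar", "image/png", PHP_PAYLOAD))
    print("hardened accepts real png:", is_accepted("photo.PNG", "text/plain", PNG_STUB))
```

The magic-byte check is necessary but not sufficient: a file that starts with `GIF89a` and continues with PHP is still a valid GIF to this function, so the random server-side name, storage outside any interpreter's reach, and serving with a fixed Content-Type plus `X-Content-Type-Options: nosniff` and `Content-Disposition: attachment` are what actually stop execution. Archive uploads such as the ZIP case listed below need the same checks applied to every extracted entry, plus a path check on each entry name, which this example does not cover.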

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

page 80 of 84
  • CVE-2022-0912 (Mar 11, 2022)
    risk 0.00 | cvss | epss 0.01

    Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.

  • CVE-2022-23043 (Feb 22, 2022)
    risk 0.00 | cvss | epss 0.01

    Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run…

  • CVE-2022-0409 (Feb 19, 2022)
    risk 0.00 | cvss | epss 0.01

    Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2.

  • CVE-2020-13675 (Feb 11, 2022)
    risk 0.00 | cvss | epss 0.01

    Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by…

  • CVE-2022-0472 (Feb 4, 2022)
    risk 0.00 | cvss | epss 0.01

    Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9.

  • CVE-2022-23315 (Jan 20, 2022)
    risk 0.00 | cvss | epss 0.02

    MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do.

  • CVE-2022-22929 (Jan 20, 2022)
    risk 0.00 | cvss | epss 0.03

    MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.

  • CVE-2022-0263 (Jan 18, 2022)
    risk 0.00 | cvss | epss 0.01

    Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7.

  • CVE-2022-0242 (Jan 17, 2022)
    risk 0.00 | cvss | epss 0.01

    Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.

  • CVE-2021-4080 (Jan 12, 2022)
    risk 0.00 | cvss | epss 0.01

    crater is vulnerable to Unrestricted Upload of File with Dangerous Type

  • CVE-2021-23814 (Dec 17, 2021)
    risk 0.00 | cvss | epss 0.02

    This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: 1. Install a package with a web Laravel application. 2.…

  • CVE-2021-23562 (Dec 3, 2021)
    risk 0.00 | cvss | epss 0.01

    This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.

  • CVE-2021-3915 (Nov 13, 2021)
    risk 0.00 | cvss | epss 0.01

    bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type

  • CVE-2021-41745 (Oct 22, 2021)
    risk 0.00 | cvss | epss 0.01

    ShowDoc 2.8.3 has a file upload vulnerability that attackers can use to obtain server permissions.

  • CVE-2021-3846 (Oct 19, 2021)
    risk 0.00 | cvss | epss 0.01

    firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type

  • CVE-2021-40324 (Oct 4, 2021)
    risk 0.00 | cvss | epss 0.69

    Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.

  • CVE-2020-21322 (Sep 15, 2021)
    risk 0.00 | cvss | epss 0.02

    An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2021-36440 (Sep 8, 2021)
    risk 0.00 | cvss | epss 0.05

    Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component 'AdminUpdateController.class.php'.

  • CVE-2021-39149 (Aug 23, 2021)
    risk 0.00 | cvss | epss 0.05

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed…

  • CVE-2021-39151 (Aug 23, 2021)
    risk 0.00 | cvss | epss 0.05

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed…