CWE-434
Unrestricted Upload of File with Dangerous Type
Description
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-1
CVEs mapped to this weakness (1,669)
page 82 of 84

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15277 | | | 0.00 | — | 0.02 | | Oct 30, 2020 | baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1. |
| CVE-2020-15839 | | — | 0.00 | — | 0.02 | | Sep 22, 2020 | Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files. |
| CVE-2020-11476 | | — | 0.00 | — | 0.03 | | Jul 28, 2020 | Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. |
| CVE-2020-9309 | | — | 0.00 | — | 0.02 | | Jul 15, 2020 | Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the… |
| CVE-2020-1469 | | — | 0.00 | — | 0.05 | | Jul 14, 2020 | A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. |
| CVE-2020-14961 | | — | 0.00 | — | 0.01 | | Jun 21, 2020 | Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. |
| CVE-2020-8162 | | — | 0.00 | — | 0.03 | | Jun 19, 2020 | A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits. |
| CVE-2020-13241 | | — | 0.00 | — | 0.00 | | May 20, 2020 | Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file. |
| CVE-2020-9280 | | — | 0.00 | — | 0.02 | | Apr 15, 2020 | In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x.… |
| CVE-2020-9472 | | — | 0.00 | — | 0.02 | | Mar 16, 2020 | Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality. |
| CVE-2020-9471 | | — | 0.00 | — | 0.02 | | Mar 16, 2020 | Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality. |
| CVE-2020-5188 | | — | 0.00 | — | 0.02 | | Feb 24, 2020 | DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. |
| CVE-2019-19745 | | — | 0.00 | — | 0.01 | | Dec 17, 2019 | Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server. |
| CVE-2019-19576 | | — | 0.00 | — | 0.26 | | Dec 4, 2019 | class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions. |
| CVE-2019-8140 | | | 0.00 | — | 0.01 | | Nov 5, 2019 | An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP… |
| CVE-2019-8114 | | | 0.00 | — | 0.02 | | Nov 5, 2019 | A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration… |
| CVE-2019-8093 | | | 0.00 | — | 0.01 | | Nov 5, 2019 | An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage the file upload controller for downloadable products to read/delete arbitrary files. |
| CVE-2010-3663 | | — | 0.00 | — | 0.02 | | Nov 4, 2019 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. |
| CVE-2019-16530 | | — | 0.00 | — | 0.03 | | Oct 21, 2019 | Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution. |
| CVE-2019-16700 | | — | 0.00 | — | 0.03 | | Oct 16, 2019 | The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since… |