VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

BaseDraftLikelihood: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

page 82 of 84
  • CVE-2020-15277Oct 30, 2020
    risk 0.00cvss epss 0.02

    baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.

  • CVE-2020-15839Sep 22, 2020
    risk 0.00cvss epss 0.02

    Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.

  • CVE-2020-11476Jul 28, 2020
    risk 0.00cvss epss 0.03

    Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file.

  • CVE-2020-9309Jul 15, 2020
    risk 0.00cvss epss 0.02

    Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the…

  • CVE-2020-1469Jul 14, 2020
    risk 0.00cvss epss 0.05

    A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'.

  • CVE-2020-14961Jun 21, 2020
    risk 0.00cvss epss 0.01

    Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value.

  • CVE-2020-8162Jun 19, 2020
    risk 0.00cvss epss 0.03

    A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.

  • CVE-2020-13241May 20, 2020
    risk 0.00cvss epss 0.00

    Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file.

  • CVE-2020-9280Apr 15, 2020
    risk 0.00cvss epss 0.02

    In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x.…

  • CVE-2020-9472Mar 16, 2020
    risk 0.00cvss epss 0.02

    Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.

  • CVE-2020-9471Mar 16, 2020
    risk 0.00cvss epss 0.02

    Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.

  • CVE-2020-5188Feb 24, 2020
    risk 0.00cvss epss 0.02

    DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions.

  • CVE-2019-19745Dec 17, 2019
    risk 0.00cvss epss 0.01

    Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.

  • CVE-2019-19576Dec 4, 2019
    risk 0.00cvss epss 0.26

    class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.

  • CVE-2019-8140Nov 5, 2019
    risk 0.00cvss epss 0.01

    An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP…

  • CVE-2019-8114Nov 5, 2019
    risk 0.00cvss epss 0.02

    A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration…

  • CVE-2019-8093Nov 5, 2019
    risk 0.00cvss epss 0.01

    An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary files.

  • CVE-2010-3663Nov 4, 2019
    risk 0.00cvss epss 0.02

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.

  • CVE-2019-16530Oct 21, 2019
    risk 0.00cvss epss 0.03

    Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.

  • CVE-2019-16700Oct 16, 2019
    risk 0.00cvss epss 0.03

    The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since…