VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

BaseDraftLikelihood: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

page 83 of 84
  • CVE-2019-17352Oct 8, 2019
    risk 0.00cvss epss 0.02

    In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain…

  • CVE-2019-16318Sep 14, 2019
    risk 0.00cvss epss 0.01

    In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and…

  • CVE-2019-7930Aug 2, 2019
    risk 0.00cvss epss 0.02

    A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially…

  • CVE-2019-7912Aug 2, 2019
    risk 0.00cvss epss 0.02

    A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in…

  • CVE-2019-7861Aug 2, 2019
    risk 0.00cvss epss 0.02

    Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

  • CVE-2019-11401Apr 21, 2019
    risk 0.00cvss epss 0.03

    A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted.

  • CVE-2019-9185Mar 7, 2019
    risk 0.00cvss epss 0.03

    Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension.

  • CVE-2018-19789Dec 18, 2018
    risk 0.00cvss epss 0.04

    An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that's the…

  • CVE-2018-9209Nov 19, 2018
    risk 0.00cvss epss 0.02

    Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2

  • CVE-2018-18942Nov 5, 2018
    risk 0.00cvss epss 0.02

    In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter.

  • CVE-2018-18830Oct 30, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename,…

  • CVE-2018-16388HigSep 12, 2018
    risk 0.00cvss 7.2epss 0.02

    e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.

  • CVE-2018-1000658HigSep 6, 2018
    risk 0.00cvss 8.8epss 0.02

    LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitable via an authenticated user uploading a zip archive which can contains malicious…

  • CVE-2018-12256HigAug 16, 2018
    risk 0.00cvss 8.8epss 0.03

    admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request.

  • CVE-2018-11331CriMay 21, 2018
    risk 0.00cvss 9.8epss 0.02

    An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess.

  • CVE-2018-7562HigMar 12, 2018
    risk 0.00cvss 7.5epss 0.02

    A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via…

  • CVE-2015-4524Jul 4, 2015
    risk 0.00cvss epss 0.02

    Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6…

  • CVE-2015-0702Apr 21, 2015
    risk 0.00cvss epss 0.03

    Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID…

  • CVE-2013-4250May 20, 2014
    risk 0.00cvss epss 0.01

    The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.

  • CVE-2008-2717Jun 16, 2008
    risk 0.00cvss epss 0.03

    TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload…