CWE-434— Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.— MITRE CWE catalog
4,071 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-434page 11 of 82
- CVE-2019-8093HIGHCVSS 8.8EG 8.82019-11-05
An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary files.
- CVE-2019-8114HIGHCVSS 7.2EG 7.22019-11-05
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitr…
- CVE-2019-8140MEDIUMCVSS 4.9EG 4.92019-11-06
An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to tr…
- CVE-2019-8293CRITICALCVSS 9.8EG 9.82019-12-23
Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution.
- CVE-2019-8362HIGHCVSS 7.5EG 7.52019-02-16
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because …
- CVE-2019-8371HIGHCVSS 7.2EG 7.22019-09-16
OpenEMR v5.0.1-6 allows code execution.
- CVE-2019-8394MEDIUMCVSS 6.5EG 9.0⚠ KEV2019-02-17
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
- CVE-2019-8404MEDIUMCVSS 6.5EG 6.52019-05-14
An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary File Upload via a crafted product image during the creation of a new product. Consequently, an attacker can steal information from the site with…
- CVE-2019-8433HIGHCVSS 7.5EG 7.52019-02-18
JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file.
- CVE-2019-8933HIGHCVSS 8.8EG 8.82019-02-19
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the te…
- CVE-2019-8942HIGHCVSS 8.8EG 9.02019-02-20
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privile…
- CVE-2019-8992HIGHCVSS 8.8EG 8.82019-04-24
The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Servic…
- CVE-2019-9042HIGHCVSS 7.2EG 7.22019-02-23
An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensio…
- CVE-2019-9050HIGHCVSS 7.2EG 7.22019-02-23
An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed.
- CVE-2019-9181HIGHCVSS 7.2EG 7.22019-02-26
SchoolCMS version 2.3.1 allows file upload via the logo upload feature at admin.php?m=admin&c=site&a=save by using the .jpg extension, changing the Content-Type to image/php, and placing PHP code after the JPEG data. This ultimately allows…
- CVE-2019-9185HIGHCVSS 8.8EG 8.82019-03-07
Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension.
- CVE-2019-9189HIGHCVSS 8.8EG 8.82019-06-05
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not …
- CVE-2019-9572HIGHCVSS 7.2EG 7.22019-03-05
SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the _Static substring, changing the Content-Type to application/zip, and placing PHP code …
- CVE-2019-9581HIGHCVSS 8.8EG 8.82019-03-06
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file ext…
- CVE-2019-9608HIGHCVSS 8.8EG 8.82019-03-06
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI.
- CVE-2019-9609HIGHCVSS 8.8EG 8.82019-03-06
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/editUploadImage URI.
- CVE-2019-9612HIGHCVSS 8.8EG 8.82019-03-06
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI.
- CVE-2019-9613HIGHCVSS 7.2EG 7.22019-03-06
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadVideo URI.
- CVE-2019-9617HIGHCVSS 8.8EG 8.82019-03-06
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile URI.
- CVE-2019-9623CRITICALCVSS 9.8EG 9.82019-03-07
Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php.
- CVE-2019-9642CRITICALCVSS 9.8EG 9.82019-06-05
An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created…
- CVE-2019-9692MEDIUMCVSS 6.5EG 6.52019-03-11
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
- CVE-2019-9825CRITICALCVSS 9.8EG 9.82019-03-14
FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting…
- CVE-2019-9842HIGHCVSS 7.2EG 7.22019-06-14
madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writes a decoded base64 string to a file wit…
- CVE-2019-9951CRITICALCVSS 9.8EG 9.82019-04-24
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upl…
- CVE-2020-0920HIGHCVSS 8.8EG 8.82020-04-15
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from C…
- CVE-2020-0929HIGHCVSS 8.8EG 8.82020-04-15
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from C…
- CVE-2020-0931HIGHCVSS 8.8EG 8.82020-04-15
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from C…
- CVE-2020-0932HIGHCVSS 8.8EG 8.82020-04-15
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from C…
- CVE-2020-0971HIGHCVSS 8.8EG 8.82020-04-15
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from C…
- CVE-2020-0974HIGHCVSS 8.8EG 8.82020-04-15
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from C…
- CVE-2020-10224CRITICALCVSS 9.8EG 9.82020-03-08
An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PH…
- CVE-2020-10225CRITICALCVSS 9.8EG 9.82020-03-08
An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP f…
- CVE-2020-10228HIGHCVSS 8.8EG 8.82020-09-14
A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.
- CVE-2020-1023HIGHCVSS 8.8EG 8.82020-05-21
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from C…
- CVE-2020-1024HIGHCVSS 8.8EG 8.82020-05-21
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from C…
- CVE-2020-10386HIGHCVSS 7.2EG 7.22020-03-12
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.
- CVE-2020-10507CRITICALCVSS 9.8EG 9.82020-04-15
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting machine.
- CVE-2020-10557HIGHCVSS 8.8EG 8.82020-03-16
An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. Th…
- CVE-2020-10562HIGHCVSS 7.2EG 7.22020-03-13
An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.php mishandles file uploads.
- CVE-2020-10569CRITICALCVSS 9.8EG 9.82020-04-21
SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining …
- CVE-2020-10621CRITICALCVSS 9.8EG 9.82020-04-09
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).
- CVE-2020-10682HIGHCVSS 7.8EG 7.82020-03-20
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it nee…
- CVE-2020-10806CRITICALCVSS 9.8EG 9.82020-03-22
eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP co…
- CVE-2020-10934HIGHCVSS 7.2EG 7.22020-03-24
Acyba AcyMailing before 6.9.2 mishandles file uploads by admins.
Map vulnerabilities like CWE-434 to your infrastructure
EchelonGraph correlates every CVE — across CWE-434 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →