CWE-434— Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.— MITRE CWE catalog
4,071 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-434page 12 of 82
- CVE-2020-10963HIGHCVSS 7.2EG 7.22020-03-25
FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. N…
- CVE-2020-10964CRITICALCVSS 9.8EG 9.82020-03-25
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
- CVE-2020-11011CRITICALCVSS 9.9EG 9.92020-04-22
In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8.
- CVE-2020-1102HIGHCVSS 8.8EG 8.82020-05-21
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from C…
- CVE-2020-11108HIGHCVSS 8.8EG 9.02020-05-11
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with t…
- CVE-2020-1112CRITICALCVSS 9.9EG 9.92020-05-21
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vuln…
- CVE-2020-11451HIGHCVSS 7.2EG 7.22020-04-02
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF). Note: The ability to upload…
- CVE-2020-11476HIGHCVSS 7.2EG 7.22020-07-28
Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file.
- CVE-2020-11486CRITICALCVSS 9.8EG 9.82020-10-29
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the prod…
- CVE-2020-11544HIGHCVSS 7.2EG 7.22020-04-06
An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnera…
- CVE-2020-11598CRITICALCVSS 9.8EG 9.82020-04-06
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file.
- CVE-2020-11629HIGHCVSS 7.2EG 7.22020-04-08
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certifi…
- CVE-2020-11722CRITICALCVSS 9.8EG 9.82020-04-12
Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.
- CVE-2020-11807HIGHCVSS 7.8EG 7.82020-05-19
Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiti…
- CVE-2020-11811CRITICALCVSS 9.8EG 9.82020-04-16
In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this ma…
- CVE-2020-11815CRITICALCVSS 9.8EG 9.82020-04-16
In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs without the Maintenance…
- CVE-2020-11817CRITICALCVSS 9.8EG 9.82020-04-27
In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs with the Maintenan…
- CVE-2020-11943HIGHCVSS 8.8EG 8.82020-04-29
An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload.
- CVE-2020-12005HIGHCVSS 7.5EG 7.52020-06-15
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: V…
- CVE-2020-12077HIGHCVSS 8.8EG 8.82020-04-23
The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution.
- CVE-2020-12252MEDIUMCVSS 6.2EG 6.22020-04-29
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory, then it could yield remote code execut…
- CVE-2020-12255HIGHCVSS 8.8EG 8.82020-05-18
rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an at…
- CVE-2020-1255HIGHCVSS 8.8EG 8.82020-06-09
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vuln…
- CVE-2020-12675HIGHCVSS 8.8EG 8.82020-05-29
The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOT…
- CVE-2020-12715HIGHCVSS 8.8EG 8.82020-09-30
RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control.
- CVE-2020-12800CRITICALCVSS 9.8EG 9.82020-06-08
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
- CVE-2020-12828CRITICALCVSS 9.8EG 9.82020-05-21
An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides l…
- CVE-2020-12837HIGHCVSS 7.5EG 7.52020-09-24
ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used.
- CVE-2020-12843CRITICALCVSS 9.8EG 9.82020-09-24
ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used.
- CVE-2020-12846HIGHCVSS 8.0EG 8.02020-06-03
Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) i…
- CVE-2020-12854HIGHCVSS 8.8EG 8.82020-07-15
A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of the profile avatar.
- CVE-2020-13126CRITICALCVSS 9.9EG 9.92020-05-17
An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve …
- CVE-2020-13128HIGHCVSS 7.5EG 7.52020-05-18
An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause all of a server's threads to sleep, lead…
- CVE-2020-13241HIGHCVSS 7.8EG 7.82020-05-20
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file.
- CVE-2020-13260MEDIUMCVSS 6.1EG 6.12020-09-17
A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file …
- CVE-2020-13384HIGHCVSS 8.8EG 8.82020-05-22
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-1804…
- CVE-2020-13442CRITICALCVSS 9.8EG 9.82020-05-25
A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/.
- CVE-2020-13443HIGHCVSS 8.8EG 8.82020-06-24
ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is poss…
- CVE-2020-13671HIGHCVSS 8.8EG 9.0⚠ KEV2020-11-20
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This …
- CVE-2020-13675CRITICALCVSS 9.8EG 9.82022-02-11
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass th…
- CVE-2020-13774CRITICALCVSS 9.9EG 9.92020-11-12
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficie…
- CVE-2020-13852HIGHCVSS 7.2EG 7.22020-06-11
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.
- CVE-2020-13855HIGHCVSS 7.2EG 7.22020-06-11
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.
- CVE-2020-13887HIGHCVSS 8.8EG 8.82020-06-22
documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder.
- CVE-2020-13994HIGHCVSS 8.8EG 8.82020-07-09
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction wit…
- CVE-2020-14008HIGHCVSS 7.2EG 7.22020-09-04
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
- CVE-2020-14022HIGHCVSS 8.8EG 8.82020-09-22
Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help …
- CVE-2020-14065MEDIUMCVSS 6.5EG 6.52020-07-15
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.
- CVE-2020-14066HIGHCVSS 8.8EG 8.82020-07-15
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.
- CVE-2020-14067CRITICALCVSS 9.8EG 9.82020-06-15
The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/pack…
Map vulnerabilities like CWE-434 to your infrastructure
EchelonGraph correlates every CVE — across CWE-434 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →