CWE-434— Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.— MITRE CWE catalog
4,072 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-434page 16 of 82
- CVE-2020-28687HIGHCVSS 8.8EG 8.82020-11-17
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
- CVE-2020-28688HIGHCVSS 8.8EG 8.82020-11-17
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
- CVE-2020-28692HIGHCVSS 7.2EG 7.22020-11-16
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.
- CVE-2020-28693HIGHCVSS 8.8EG 8.82020-11-16
An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name>
- CVE-2020-28871CRITICALCVSS 9.8EG 9.82021-02-10
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.
- CVE-2020-28939HIGHCVSS 7.2EG 7.22020-12-03
OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lea…
- CVE-2020-29032HIGHCVSS 8.4EG 8.42021-03-05
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022
- CVE-2020-29176HIGHCVSS 7.8EG 7.82021-12-02
An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file.
- CVE-2020-29441HIGHCVSS 7.2EG 7.22020-11-30
An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), cor…
- CVE-2020-29447MEDIUMCVSS 4.3EG 4.32020-12-21
Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before versio…
- CVE-2020-29450MEDIUMCVSS 6.5EG 6.52021-01-19
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before ver…
- CVE-2020-29592CRITICALCVSS 9.8EG 9.82021-04-14
An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regar…
- CVE-2020-29597CRITICALCVSS 9.8EG 9.82020-12-07
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.
- CVE-2020-29607HIGHCVSS 7.2EG 7.22020-12-16
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
- CVE-2020-3436HIGHCVSS 8.6EG 8.62020-10-21
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders …
- CVE-2020-35133HIGHCVSS 7.5EG 7.52020-12-16
irfanView 4.56 contains an error processing parsing files of type .pcx. Which leads to out-of-bounds writing at i_view32+0xdb60.
- CVE-2020-35442CRITICALCVSS 9.8EG 9.82021-06-02
FDCMS (also known as Fangfa Content Management System) 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php.
- CVE-2020-35489CRITICALCVSS 10.0EG 10.02020-12-17
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
- CVE-2020-35627HIGHCVSS 8.8EG 8.82020-12-28
Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function "Custom Gift Card Template", the function of uploading…
- CVE-2020-35656HIGHCVSS 7.2EG 7.22020-12-23
Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and admin.php?reqGadget=FileBrowser&reqAction=Files to uploa…
- CVE-2020-35657HIGHCVSS 7.2EG 7.22020-12-23
Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS commands. NOTE: this is unrelated to the…
- CVE-2020-35665CRITICALCVSS 9.8EG 9.82020-12-23
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
- CVE-2020-35760CRITICALCVSS 9.8EG 9.82021-06-16
bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files).
- CVE-2020-35797CRITICALCVSS 9.8EG 9.82020-12-30
NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker.
- CVE-2020-35945CRITICALCVSS 9.9EG 8.82021-01-01
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This …
- CVE-2020-35949CRITICALCVSS 10.0EG 10.02021-01-01
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by…
- CVE-2020-36079HIGHCVSS 7.2EG 7.22021-02-26
Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) p…
- CVE-2020-36082CRITICALCVSS 9.8EG 8.82023-08-11
File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module.
- CVE-2020-36141HIGHCVSS 8.8EG 8.82021-06-04
BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via bypass MIME Type validation by inserting 'image/jpeg' within the 'Content-Type' header.
- CVE-2020-36167CRITICALCVSS 9.3EG 9.32021-01-06
An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to l…
- CVE-2020-36388HIGHCVSS 8.8EG 8.82021-06-17
In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.
- CVE-2020-36485HIGHCVSS 7.8EG 7.82021-10-22
Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.
- CVE-2020-36701HIGHCVSS 8.8EG 8.82023-06-07
The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it…
- CVE-2020-36705CRITICALCVSS 9.8EG 9.82023-06-07
The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated …
- CVE-2020-36706CRITICALCVSS 9.8EG 9.82023-10-20
The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0.…
- CVE-2020-36825MEDIUMCVSS 6.3EG 6.32024-03-24
** UNSUPPORTED WHEN ASSIGNED ** ** DISPUTED ** A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function download_file of the file Server/api.php. The manipulation…
- CVE-2020-36842HIGHCVSS 8.8EG 8.82024-10-16
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authen…
- CVE-2020-36847CRITICALCVSS 9.8EG 9.82025-07-12
The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. Thi…
- CVE-2020-36849CRITICALCVSS 9.8EG 9.82025-07-12
The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0…
- CVE-2020-36863HIGHCVSS 8.8EG 8.82025-10-30
Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory and executed from that location. The upload handler did not properly restrict file types or enforce storage outside of the webroot, and the we…
- CVE-2020-36882HIGHCVSS 7.5EG 7.52025-12-05
Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application.
- CVE-2020-36897CRITICALCVSS 9.8EG 9.82025-12-10
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using…
- CVE-2020-36942HIGHCVSS 8.8EG 8.82026-01-27
Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands …
- CVE-2020-36973MEDIUMCVSS 6.5EG 6.52026-01-28
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it…
- CVE-2020-37009HIGHCVSS 8.8EG 8.82026-01-29
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a P…
- CVE-2020-37023HIGHCVSS 8.8EG 8.82026-01-30
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by …
- CVE-2020-37073HIGHCVSS 8.8EG 8.82026-02-03
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory an…
- CVE-2020-37084HIGHCVSS 7.2EG 7.22026-02-03
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in p…
- CVE-2020-37090CRITICALCVSS 9.8EG 9.82026-02-03
School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code exe…
- CVE-2020-37113HIGHCVSS 8.8EG 8.82026-02-03
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulner…
Map vulnerabilities like CWE-434 to your infrastructure
EchelonGraph correlates every CVE — across CWE-434 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →