CWE-434— Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.— MITRE CWE catalog
4,071 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-434page 6 of 82
- CVE-2018-18086HIGHCVSS 8.8EG 8.82018-10-09
EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users.
- CVE-2018-18315HIGHCVSS 7.5EG 7.52018-10-15
com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter.
- CVE-2018-18382HIGHCVSS 8.8EG 8.82018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
- CVE-2018-18475CRITICALCVSS 9.8EG 9.82018-10-23
Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.
- CVE-2018-18563CRITICALCVSS 9.6EG 9.62018-11-20
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChe…
- CVE-2018-18565MEDIUMCVSS 6.8EG 6.82018-11-20
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChe…
- CVE-2018-18572HIGHCVSS 7.2EG 7.22019-08-22
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this…
- CVE-2018-18752CRITICALCVSS 9.8EG 9.82018-10-29
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.
- CVE-2018-18771HIGHCVSS 7.5EG 7.52018-10-29
An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields.
- CVE-2018-18793CRITICALCVSS 9.8EG 9.82018-11-16
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.
- CVE-2018-18830CRITICALCVSS 9.8EG 9.82018-10-30
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an …
- CVE-2018-18874CRITICALCVSS 9.8EG 9.82018-10-31
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI.
- CVE-2018-18888CRITICALCVSS 9.8EG 9.82018-11-01
An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renam…
- CVE-2018-18930HIGHCVSS 8.8EG 8.82019-10-29
The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can uplo…
- CVE-2018-18934CRITICALCVSS 9.8EG 9.82018-11-05
An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted an…
- CVE-2018-18942HIGHCVSS 7.2EG 7.22018-11-05
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter.
- CVE-2018-19126CRITICALCVSS 9.8EG 9.82018-11-09
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.
- CVE-2018-19355CRITICALCVSS 9.8EG 9.82018-11-19
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equa…
- CVE-2018-19420LOWCVSS 3.8EG 3.82018-11-21
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), beca…
- CVE-2018-19421LOWCVSS 3.8EG 3.82018-11-21
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
- CVE-2018-19422HIGHCVSS 7.2EG 7.22018-11-21
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
- CVE-2018-19423HIGHCVSS 7.2EG 7.22018-11-21
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.
- CVE-2018-19424HIGHCVSS 7.2EG 7.22018-11-21
ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files.
- CVE-2018-19453HIGHCVSS 8.8EG 8.82019-04-10
Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type.
- CVE-2018-19457HIGHCVSS 7.2EG 7.22018-11-22
Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file.
- CVE-2018-19514CRITICALCVSS 9.8EG 9.82019-03-21
In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file…
- CVE-2018-19537HIGHCVSS 7.2EG 7.22018-11-26
TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by…
- CVE-2018-19550HIGHCVSS 8.8EG 8.82018-11-26
Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI.
- CVE-2018-19562HIGHCVSS 8.8EG 8.82018-11-26
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archi…
- CVE-2018-19612HIGHCVSS 8.8EG 8.82019-05-24
The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code.
- CVE-2018-1969CRITICALCVSS 9.0EG 9.92019-01-14
IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750.
- CVE-2018-19692CRITICALCVSS 9.8EG 9.82018-11-29
An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type.
- CVE-2018-19789MEDIUMCVSS 5.3EG 5.32018-12-18
An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string` in a setter method (e.g. `setName(str…
- CVE-2018-19798HIGHCVSS 8.8EG 8.82020-03-02
Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier allows uploading an arbitrary ".php" file with the application/x-php Content-Type to the accidents_add.php?submit=1 URI, as demonstrated by the value_Images_1 field, which leads to…
- CVE-2018-20063HIGHCVSS 8.8EG 8.82019-02-25
An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form (available in the description editor), allowing remote authenticated users to execute arbitrary code by u…
- CVE-2018-20166HIGHCVSS 8.8EG 8.82019-01-02
A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters mat…
- CVE-2018-20526CRITICALCVSS 9.8EG 9.82019-03-21
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
- CVE-2018-20925MEDIUMCVSS 6.7EG 6.72019-08-01
cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379).
- CVE-2018-20926MEDIUMCVSS 6.7EG 6.72019-08-01
cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380).
- CVE-2018-21024CRITICALCVSS 9.8EG 9.82019-10-08
licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request.
- CVE-2018-21243MEDIUMCVSS 6.5EG 6.52020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used.
- CVE-2018-21244CRITICALCVSS 9.8EG 9.82020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029.
- CVE-2018-2404MEDIUMCVSS 4.3EG 9.82018-04-10
SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.
- CVE-2018-2420MEDIUMCVSS 6.5EG 9.82018-05-09
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.
- CVE-2018-25019HIGHCVSS 7.5EG 7.52021-11-01
The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary file…
- CVE-2018-25114CRITICALCVSS 9.3EG 9.32025-07-23
A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default, the /install/ directory remains accessib…
- CVE-2018-25158HIGHCVSS 8.8EG 8.82026-02-20
Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles…
- CVE-2018-25162MEDIUMCVSS 6.5EG 6.52026-03-06
2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 par…
- CVE-2018-25168MEDIUMCVSS 4.3EG 4.32026-03-06
Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/…
- CVE-2018-25171HIGHCVSS 8.2EG 8.22026-03-06
EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/edit_source endpoint…
Map vulnerabilities like CWE-434 to your infrastructure
EchelonGraph correlates every CVE — across CWE-434 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →