Все уязвимости CVE, классифицированные под этим типом уязвимости.
Посмотреть на MITRE CWE50
17
0
0
The File Upload function of EasyTest has insufficient filtering for special characters and file type. A remote attacker authenticated as a general user can upload and execute arbitrary files, to manip...
An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files.
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-434 Unrestricted Upload of File with Dangerous Type
Verint - CWE-434: Unrestricted Upload of File with Dangerous Type
Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.
CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file is downloaded.
GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. The impact is: unauthenticated/unzuthorized Attacker can upload executable file in website. The component is: gourl.php#L563...
A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “file_configuration” functionality of the web application allows a remote authenticated attacker to upload any arbitrar...
MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with custom a filename and content. The component is: Filtering use...
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: mod...
AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability.
SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method
givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload.
Cervantes through 0.5-alpha accepts insecure file uploads.
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability.
CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type.
wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.
firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type
Microsoft Exchange Server Security Feature Bypass Vulnerability
givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php.
pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability.
i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php.
SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution.
WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.
File upload vulnerability in machsol machpanel 8.0.32 allows attacker to gain a webshell.
DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.
DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php.
Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability.
Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress.
File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload.
PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php.
Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php.
Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php.
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder t...
Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.
here is an arbitrary file upload vulnerability in the file management function module of Classcms3.5.
Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.
Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.
Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9.
A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the template file uploads in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to upload malici...
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to uplo...
alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file.
Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload.
Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.