CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-434

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-1010209 434 2019-07-23 2019-10-09
5.0
None Remote Low Not required None Partial None
GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. The impact is: unauthenticated/unzuthorized Attacker can upload executable file in website. The component is: gourl.php#L5637. The fixed version is: 1.4.14.
2 CVE-2019-1010123 434 2019-07-23 2019-10-09
5.0
None Remote Low Not required None Partial None
MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with custom a filename and content. The component is: Filtering user parameters before passing them into phpthumb class. The attack vector is: web request via /assets/components/gallery/connector.php.
3 CVE-2019-1010062 434 2019-07-16 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed version is: after commit 09f0ab871bf633973cfd9fc4fe59d4a912397cf8.
4 CVE-2019-17352 434 Bypass 2019-10-08 2019-10-15
5.0
None Remote Low Not required None Partial None
In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions.
5 CVE-2019-17188 434 Bypass 2019-10-04 2019-10-10
6.5
None Remote Low Single system Partial Partial Partial
An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php extension. This occurs because the code relies on the getimagesize function.
6 CVE-2019-17046 434 Exec Code 2019-09-30 2019-10-04
9.0
None Remote Low Single system Complete Complete Complete
Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page.
7 CVE-2019-16720 434 2019-09-23 2019-09-23
5.0
None Remote Low Not required None Partial None
ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file.
8 CVE-2019-16318 434 Bypass 2019-09-14 2019-09-17
6.5
None Remote Low Single system Partial Partial Partial
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.
9 CVE-2019-16131 434 2019-09-08 2019-09-10
6.5
None Remote Low Single system Partial Partial Partial
framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/.
10 CVE-2019-15866 434 2019-09-03 2019-09-05
6.5
None Remote Low Single system Partial Partial Partial
The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.
11 CVE-2019-15862 434 2019-09-26 2019-10-02
5.0
None Remote Low Not required None Partial None
An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP.
12 CVE-2019-15843 434 2019-09-18 2019-09-20
5.8
None Remote Medium Not required Partial Partial None
A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing.
13 CVE-2019-15751 434 Exec Code 2019-10-07 2019-10-08
10.0
None Remote Low Not required Complete Complete Complete
An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to the web root of the application.
14 CVE-2019-15748 434 Exec Code 2019-10-07 2019-10-08
7.5
None Remote Low Not required Partial Partial Partial
SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes a PHP file, which could execute arbitrary PHP code.
15 CVE-2019-15649 434 2019-08-27 2019-08-30
6.5
None Remote Low Single system Partial Partial Partial
The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload.
16 CVE-2019-15524 434 Exec Code 2019-08-26 2019-08-30
7.5
None Remote Low Not required Partial Partial Partial
CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI.
17 CVE-2019-15131 434 Exec Code 2019-09-17 2019-09-17
7.5
None Remote Low Not required Partial Partial Partial
In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution.
18 CVE-2019-15130 434 2019-08-18 2019-08-30
10.0
None Remote Low Not required Complete Complete Complete
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part POST request with a predictable WRC01_USERID parameter. Moreover, the attacker can upload executable content (e.g., asp or aspx) for executing OS commands on the server.
19 CVE-2019-15091 434 2019-08-16 2019-08-27
7.5
None Remote Low Not required Partial Partial Partial
filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.
20 CVE-2019-14916 434 2019-09-20 2019-09-27
4.0
None Remote Low Single system None Partial None
An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload.
21 CVE-2019-14755 434 2019-08-15 2019-08-20
6.5
None Remote Low Single system Partial Partial Partial
The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows Unrestricted Upload of a File with a Dangerous Type.
22 CVE-2019-14748 434 XSS 2019-08-07 2019-08-14
3.5
None Remote Medium Single system None Partial None
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment.
23 CVE-2019-14252 434 2019-09-18 2019-09-18
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ folder even if removed from the adminCons.php view (i.e., the rogue PHP file can be hidden).
24 CVE-2019-13984 434 2019-07-19 2019-07-22
6.8
None Remote Medium Not required Partial Partial Partial
Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File.
25 CVE-2019-13980 434 Exec Code 2019-07-19 2019-07-22
6.8
None Remote Medium Not required Partial Partial Partial
In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx.
26 CVE-2019-13979 434 Exec Code 2019-07-19 2019-07-22
6.8
None Remote Medium Not required Partial Partial Partial
In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution.
27 CVE-2019-13976 434 2019-09-04 2019-09-05
7.5
None Remote Low Not required Partial Partial Partial
eGain Chat 15.0.3 allows unrestricted file upload.
28 CVE-2019-13973 434 2019-07-19 2019-07-19
7.5
None Remote Low Not required Partial Partial Partial
LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used.
29 CVE-2019-13464 434 Bypass 2019-07-09 2019-07-15
5.0
None Remote Low Not required None Partial None
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid.
30 CVE-2019-13359 434 2019-07-16 2019-07-18
8.5
None Remote Medium Single system Complete Complete Complete
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
31 CVE-2019-13187 434 2019-09-05 2019-09-06
7.5
None Remote Low Not required Partial Partial Partial
The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php.
32 CVE-2019-13082 434 Exec Code 2019-06-30 2019-07-03
7.5
None Remote Low Not required Partial Partial Partial
Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder and then this folder in a ZIP archive, the server will accept this file without any checks. Because one can access this file from the website, it is remote code execution. This is related to a scorm imsmanifest.xml file, the import_package function, and extraction in $courseSysDir.$newDir.
33 CVE-2019-12971 434 2019-07-05 2019-07-15
10.0
None Remote Low Not required Complete Complete Complete
BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Type.
34 CVE-2019-12803 434 2019-07-10 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code exection such as running a system command.
35 CVE-2019-12377 434 Exec Code 2019-06-03 2019-06-04
7.5
None Remote Low Not required Partial Partial Partial
A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution.
36 CVE-2019-12326 434 Exec Code 2019-07-22 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution.
37 CVE-2019-12170 434 Exec Code 2019-05-17 2019-08-05
9.0
None Remote Low Single system Complete Complete Complete
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
38 CVE-2019-12169 434 Exec Code Dir. Trav. 2019-06-03 2019-08-05
6.8
None Remote Medium Not required Partial Partial Partial
ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component.
39 CVE-2019-12150 434 2019-05-24 2019-05-30
7.5
None Remote Low Not required Partial Partial Partial
Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted). The attacker must use the Attach icon to perform an upload. An uploaded file is accessible under the UltimateEditorInclude/UserFiles/ URI.
40 CVE-2019-11887 434 Exec Code 2019-05-17 2019-05-20
7.5
None Remote Low Not required Partial Partial Partial
SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution.
41 CVE-2019-11655 434 2019-10-04 2019-10-10
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type.
42 CVE-2019-11631 434 Exec Code 2019-04-30 2019-05-03
6.5
None Remote Low Single system Partial Partial Partial
Moodle 3.6.3 allows remote authenticated administrators to execute arbitrary PHP code via a ZIP archive, containing a theme_*.php file, to repository/repository_ajax.php?action=upload and admin/tool/installaddon/index.php.
43 CVE-2019-11615 434 2019-04-30 2019-05-01
6.5
None Remote Low Single system Partial Partial Partial
/fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. A remote normal registered user can use this vulnerability to upload backdoor files to control the server.
44 CVE-2019-11568 434 2019-04-27 2019-04-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type.
45 CVE-2019-11552 434 Exec Code 2019-07-19 2019-09-18
4.4
None Local Medium Not required Partial Partial Partial
Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user.
46 CVE-2019-11447 434 Exec Code Bypass 2019-04-22 2019-04-26
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
47 CVE-2019-11446 434 Bypass 2019-04-22 2019-04-26
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase (and thus .phP is a bypass), and omits .shtml and .phtml.
48 CVE-2019-11445 434 Exec Code +Priv 2019-04-22 2019-04-23
9.0
None Remote Low Single system Complete Complete Complete
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Filesystem path control in the admin's Export field. As a result, attackers can gain remote code execution through the application server with root privileges.
49 CVE-2019-11401 434 Exec Code 2019-04-22 2019-04-24
6.5
None Remote Low Single system Partial Partial Partial
A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted.
50 CVE-2019-11378 434 Dir. Trav. 2019-04-20 2019-05-10
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.
Total number of vulnerabilities : 385   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.