Vulnerabilities (CVE)

Filtered by CWE-434
Total 2590 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-16397 1 Limesurvey 1 Limesurvey 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,
CVE-2018-17440 1 Dlink 1 Central Wifimanager 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.
CVE-2018-16097 1 Lenovo 1 Xclarity Integrator 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.
CVE-2018-16731 1 Chshcms 1 Cscms 2024-02-28 7.5 HIGH 9.8 CRITICAL
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.
CVE-2019-0259 1 Sap 1 Businessobjects 2024-02-28 7.5 HIGH 9.8 CRITICAL
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.
CVE-2018-17573 1 Smartlogix 1 Wp-insert 2024-02-28 7.5 HIGH 9.8 CRITICAL
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html.
CVE-2018-19562 1 Phpok 1 Phpok 2024-02-28 6.8 MEDIUM 8.8 HIGH
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive.
CVE-2018-16287 1 Lg 1 Supersign Cms 2024-02-28 7.5 HIGH 9.8 CRITICAL
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.
CVE-2018-16388 1 E107 1 E107 2024-02-28 6.5 MEDIUM 7.2 HIGH
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
CVE-2018-14570 1 Niushop 1 B2b2c Multi-business 2024-02-28 6.5 MEDIUM 8.8 HIGH
A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified filename and file content. This results in arbitrary code execution by requesting that .php file.
CVE-2018-11196 1 Mahara 1 Mahara 2024-02-28 5.0 MEDIUM 7.5 HIGH
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) does not check Leap2A archives for viruses, allowing malicious files to be available for download. While files cannot be executed on Mahara itself, Mahara can be used to transfer such files to user computers.
CVE-2018-12263 1 Portfoliocms Project 1 Portfoliocms 2024-02-28 6.5 MEDIUM 8.8 HIGH
portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI.
CVE-2018-1265 2 Cloudfoundry, Pivotal Software 2 Cf-deployment, Cloud Foundry Diego 2024-02-28 6.5 MEDIUM 7.2 HIGH
Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego Cell.
CVE-2017-6931 1 Drupal 1 Drupal 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. This release fixes the only two implementations in core, but does not harden against other such bypasses. This vulnerability can be mitigated by disabling the Settings Tray module.
CVE-2016-7443 1 Exponentcms 1 Exponent Cms 2024-02-28 7.5 HIGH 9.8 CRITICAL
Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location."
CVE-2018-12914 1 Publiccms 1 Publiccms 2024-02-28 7.5 HIGH 9.8 CRITICAL
A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.
CVE-2018-11331 1 Pluck-cms 1 Pluck 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess.
CVE-2018-2420 1 Sap 1 Internet Graphics Server 2024-02-28 7.5 HIGH 9.8 CRITICAL
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.
CVE-2018-11392 1 Jigowatt 1 Php Login \& User Management 2024-02-28 6.5 MEDIUM 8.8 HIGH
An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. This results in arbitrary code execution by requesting the .php file.
CVE-2018-0568 1 Sitebridge 1 Joruri Gw 2024-02-28 6.5 MEDIUM 8.8 HIGH
Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors.