Vulnerabilities (CVE)

Filtered by CWE-434
Total 2367 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-30149 1 Ocproducts 1 Composr 2021-04-08 7.5 HIGH 9.8 CRITICAL
Composr 10.0.36 allows upload and execution of PHP files.
CVE-2021-24160 1 Expresstech 1 Responsive Menu 2021-04-08 6.5 MEDIUM 8.8 HIGH
In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further infect a WordPress site.
CVE-2020-21585 1 Emlog 1 Emlog 2021-04-08 7.5 HIGH 9.8 CRITICAL
Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module.
CVE-2021-23001 1 F5 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more 2021-04-05 4.0 MEDIUM 4.3 MEDIUM
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
CVE-2020-28173 1 Simple College Project 1 Simple College 2021-04-02 6.5 MEDIUM 7.2 HIGH
Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/.
CVE-2021-26597 1 Nokia 1 Netact 2021-04-01 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value.
CVE-2020-19642 1 Insma 2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware 2021-04-01 4.6 MEDIUM 6.2 MEDIUM
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local attacker can execute arbitrary code via editing the 'recdata.db' file to call a specially crafted GoAhead ASP-file on the SD card.
CVE-2021-3378 1 Fortilogger 1 Fortilogger 2021-03-31 7.5 HIGH 9.8 CRITICAL
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.
CVE-2021-27274 1 Netgear 1 Prosafe Network Management System 2021-03-30 10.0 HIGH 9.8 CRITICAL
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12124.
CVE-2020-14209 1 Dolibarr 1 Dolibarr 2021-03-30 6.5 MEDIUM 8.8 HIGH
Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).
CVE-2021-21357 1 Typo3 1 Typo3 2021-03-26 6.5 MEDIUM 8.3 HIGH
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.
CVE-2021-21355 1 Typo3 1 Typo3 2021-03-26 7.5 HIGH 8.6 HIGH
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, _UploadedFileReferenceConverter_ accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.
CVE-2021-24123 1 Blubrry 1 Powerpress 2021-03-23 6.5 MEDIUM 7.2 HIGH
Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE.
CVE-2021-28294 1 Online Ordering System Project 1 Online Ordering System 2021-03-22 7.5 HIGH 9.8 CRITICAL
Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE).
CVE-2021-28379 2 Myvestacp, Vestacp 2 Myvesta, Vesta Control Panel 2021-03-19 6.8 MEDIUM 8.8 HIGH
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.
CVE-2021-27817 1 Shopxo 1 Shopxo 2021-03-18 7.5 HIGH 9.8 CRITICAL
A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix.
CVE-2021-27964 1 Sfcyazilim 1 Sonlogger 2021-03-16 7.5 HIGH 9.8 CRITICAL
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.
CVE-2020-29032 1 Secomea 2 Gatemanager 8250, Gatemanager 8250 Firmware 2021-03-12 6.5 MEDIUM 7.2 HIGH
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022
CVE-2020-24948 1 Autoptimize 1 Autoptimize 2021-03-04 6.5 MEDIUM 7.2 HIGH
The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution.
CVE-2021-20659 1 Contec 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware 2021-03-01 6.5 MEDIUM 8.8 HIGH
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.