CWE-434

4,107 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

Each entry: Vendors (count) | Products (count) | Updated | Published | CVSS (v4 / v3 / v2), followed by the CVE description.

Vendors (1): Reviewboard | Products (1): Reviewboard | Updated: Nov 21, 2024 | Published: Dec 27, 2019 | CVSS: v4 N/A / v3 8.8 HIGH / v2 6.5 MEDIUM
    ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request

Vendors (8): Debian, Netapp, Opensuse, +5 more | Products (11): Backports Sle, Cloud Backup, Debian Linux, +8 more | Updated: Jun 17, 2026 | Published: Dec 24, 2019 | CVSS: v4 N/A / v3 7.5 HIGH / v2 5.0 MEDIUM
    zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

Vendors (1): Abcprintf | Products (1): Upload Image With Ajax | Updated: Jun 17, 2026 | Published: Dec 23, 2019 | CVSS: v4 N/A / v3 9.8 CRITICAL / v2 7.5 HIGH
    Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution.

Vendors (2): Getk2, Verot Project | Products (2): K2, Verot | Updated: Jun 17, 2026 | Published: Dec 17, 2019 | CVSS: v4 N/A / v3 9.8 CRITICAL / v2 7.5 HIGH
    class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.

Vendors (1): Contao | Products (1): Contao | Updated: Jun 17, 2026 | Published: Dec 17, 2019 | CVSS: v4 N/A / v3 8.8 HIGH / v2 6.5 MEDIUM
    Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.

Vendors (1): Siemens | Products (1): Sppa T3000 Application Server | Updated: Jun 17, 2026 | Published: Dec 12, 2019 | CVSS: v4 N/A / v3 7.5 HIGH / v2 5.0 MEDIUM
    A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to upload arbitrary files without authentication. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Vendors (1): Siemens | Products (1): Sppa T3000 Ms3000 Migration Server | Updated: Jun 17, 2026 | Published: Dec 12, 2019 | CVSS: v4 N/A / v3 9.8 CRITICAL / v2 7.5 HIGH
    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code execution by sending specifically crafted objects to one of the RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Vendors (1): Siemens | Products (1): Sppa T3000 Application Server | Updated: Jun 17, 2026 | Published: Dec 12, 2019 | CVSS: v4 N/A / v3 8.8 HIGH / v2 6.5 MEDIUM
    A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Vendors (1): Intesync | Products (1): Solismed | Updated: Jun 17, 2026 | Published: Dec 12, 2019 | CVSS: v4 N/A / v3 9.8 CRITICAL / v2 7.5 HIGH
    Intesync Solismed 3.3sp allows Insecure File Upload.

Vendors (1): Ibm | Products (1): Planning Analytics | Updated: Jun 17, 2026 | Published: Dec 9, 2019 | CVSS: v4 N/A / v3 8.8 HIGH / v2 6.5 MEDIUM
    IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523.

Vendors (1): Nopcommerce | Products (1): Nopcommerce | Updated: Jun 17, 2026 | Published: Dec 9, 2019 | CVSS: v4 N/A / v3 8.8 HIGH / v2 6.5 MEDIUM
    nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin.

Vendors (1): Apache | Products (1): Struts | Updated: Nov 21, 2024 | Published: Dec 5, 2019 | CVSS: v4 N/A / v3 8.8 HIGH / v2 6.5 MEDIUM
    A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.

Vendors (2): Adobe, Prestashop | Products (2): Prestashop, Stock Api Integration | Updated: Jun 17, 2026 | Published: Dec 5, 2019 | CVSS: v4 N/A / v3 9.8 CRITICAL / v2 7.5 HIGH
    reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.

Vendors (2): Adobe, Prestashop | Products (2): Prestashop, Stock Api Integration | Updated: Jun 17, 2026 | Published: Dec 5, 2019 | CVSS: v4 N/A / v3 9.8 CRITICAL / v2 7.5 HIGH
    reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file.

Vendors (1): Bmc | Products (1): Remedy Smart Reporting | Updated: Jun 17, 2026 | Published: Dec 4, 2019 | CVSS: v4 N/A / v3 6.5 MEDIUM / v2 5.5 MEDIUM
    BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed.

Vendors (2): Getk2, Verot Project | Products (2): K2, Verot | Updated: Jun 17, 2026 | Published: Dec 4, 2019 | CVSS: v4 N/A / v3 9.8 CRITICAL / v2 7.5 HIGH
    class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.

Vendors (1): Ibm | Products (1): Cloud Pak System | Updated: Jun 17, 2026 | Published: Dec 3, 2019 | CVSS: v4 N/A / v3 8.8 HIGH / v2 6.5 MEDIUM
    IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280.

Vendors (1): Titanhq | Products (1): Webtitan | Updated: Jun 17, 2026 | Published: Dec 2, 2019 | CVSS: v4 N/A / v3 7.2 HIGH / v2 9.0 HIGH
    An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to have access to a valid web interface account.

Vendors (1): Kentico | Products (1): Xperience | Updated: Jun 17, 2026 | Published: Dec 2, 2019 | CVSS: v4 N/A / v3 5.4 MEDIUM / v2 3.5 LOW
    Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.

Vendors (1): 10 Strike | Products (1): Free Photo Viewer | Updated: Jun 17, 2026 | Published: Nov 30, 2019 | CVSS: v4 N/A / v3 7.8 HIGH / v2 6.8 MEDIUM
    Free Photo Viewer 1.3 allows remote attackers to execute arbitrary code via a crafted BMP and/or TIFF file that triggers a malformed SEH, as demonstrated by a 0012ECB4 FreePhot.00425642 42200008 corrupt entry.