CVE-2020-6293

HIGH Year: 2020
CVSS v3 Score
7.3
High
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-434
View all →

Vulnerability Description

SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload.

Related Vulnerabilities

CVE-2016-1713

HIGH
CVSS:7.3(High)

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated ...

CWE-4342016

CVE-2017-18435

HIGH
CVSS:7.3(High)

cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238).

CWE-4342017

CVE-2020-25406

HIGH
CVSS:7.3(High)

app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files.

CWE-4342020

CVE-2023-2063

HIGH
CVSS:7.3(High)

Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP modu...

CWE-4342023

CVE-2023-42472

HIGH
CVSS:7.3(High)

Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system ...

CWE-4342023

CVE-2023-5524

HIGH
CVSS:7.3(High)

Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file types

CWE-4342023