CVE-2021-27618

MEDIUM Year: 2021
CVSS v3 Score
4.9
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-434
View all →

Vulnerability Description

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the application.

Related Vulnerabilities

CVE-2017-11404

MEDIUM
CVSS:4.9(Medium)

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.

CWE-4342017

CVE-2017-11405

MEDIUM
CVSS:4.9(Medium)

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/modul...

CWE-4342017

CVE-2018-16373

MEDIUM
CVSS:4.9(Medium)

Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save.

CWE-4342018

CVE-2018-16397

MEDIUM
CVSS:4.9(Medium)

In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,

CWE-4342018

CVE-2019-8140

MEDIUM
CVSS:4.9(Medium)

An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the M...

CWE-4342019

CVE-2020-6975

MEDIUM
CVSS:4.9(Medium)

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious...

CWE-4342020