CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2022-41267 CRITICAL
SAP Business Objects Platform - File Upload RCE
CVSS 9.9
CVE-2022-45275 HIGH
Dynamic Transaction Queuing System 1.0 - Unauthenticated Arbitrary File Upload via Admin Settings Endpoint
CVSS 7.2
CVE-2022-3912 HIGH
User Registration WordPress Plugin < 2.2.4.1 - Unauthenticated Arbitrary File Upload via AJAX Action
CVSS 7.5
CVE-2022-45968 HIGH
Alist < 3.5.1 - Unrestricted File Upload via File Upload Permission
CVSS 8.8
CVE-2022-45759 HIGH
SENS v1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2022-46828 MEDIUM
JetBrains IntelliJ IDEA <2022.3 - Code Injection
CVSS 5.2
CVE-2022-45009 HIGH
Online Leave Management System 1.0 - Arbitrary File Upload via SystemSettings.php
CVSS 7.2
CVE-2022-45359 CRITICAL
YITH WooCommerce Gift Cards <= 3.19.0 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2022-45548 HIGH
AyaCMS 3.1.2 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2022-44289 HIGH
Thinkphp 5.1.41-5.0.24 - Code Injection
CVSS 8.8
CVE-2022-45912 HIGH
Zimbra Collaboration 8.8.15 and 9.0 - Authenticated Remote Code Execution via ClientUploader
CVSS 7.2
CVE-2022-45771 HIGH
pwndoc v0.5.3 - Unauthenticated Arbitrary Code Execution via Crafted Audit File Upload
CVSS 8.8
CVE-2022-4276 MEDIUM
House Rental System - Unrestricted File Upload via tenant-engine.php id_photo Parameter
CVSS 6.3
CVE-2022-4273 HIGH
SourceCodester Human Resource Management System 1.0 - Unrestricted File Upload via pfimg Argument
CVSS 7.3
CVE-2022-4272 MEDIUM
Warehouse Management System - Unrestricted File Upload
CVSS 6.3
CVE-2022-36431 CRITICAL
Rocket TRUfusion Enterprise <7.9.6.1 - RCE
CVSS 9.8
CVE-2022-4232 MEDIUM
SourceCodester Event Registration System 1.0 - Unrestricted File Upload via cmd Argument
CVSS 4.7
CVE-2022-44354 CRITICAL
SolarView Compact <5.0 - Unrestricted File Upload
CVSS 9.8
CVE-2022-38140 HIGH
WordPress SEO Plugin <12.1.10 - Arbitrary File Upload
CVSS 7.6
CVE-2022-44401 CRITICAL
Online Tours & Travels Management System v1.0 - File Upload
CVSS 9.8
CVE-2022-44400 CRITICAL
Purchase Order Management System v1.0 - File Upload Vulnerability
CVSS 9.8
CVE-2022-45476 CRITICAL
Tiny File Manager 2.4.8 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-41705 CRITICAL
Badaso < 2.7.0 - Unauthenticated Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2022-45039 HIGH
WBCE CMS 1.5.4 - Arbitrary File Upload via Server Settings Module
CVSS 7.2
CVE-2022-2791 MEDIUM
Emerson Proficy < 9.00 - Unrestricted Upload of File with Dangerous Type
CVSS 5.9