CWE-434
Medium likelihoodUnrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,130 vulnerabilities with CWE-434
CVE-2022-30529
HIGH
isic.lk < 2018-02-13 - Unrestricted File Upload via TinyMCE File Manager
CVSS 7.2
CVE-2022-42698
CRITICAL
Api2Cart Bridge Connector <= 1.1.0 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2022-40200
CRITICAL
wpForo Forum <= 2.0.9 - Authenticated Arbitrary File Upload
CVSS 9.9
CVE-2022-43192
MEDIUM
dedecms v5.7.101 - Arbitrary File Upload via file_manage_control.php
CVSS 6.7
CVE-2022-44384
HIGH
rconfig 3.9.6 - Arbitrary File Upload and Remote Code Execution via PHP File
CVSS 8.8
CVE-2022-43234
CRITICAL
Hoosk 1.8 - Remote Code Execution via Arbitrary File Upload in Attachments Component
CVSS 9.8
CVE-2022-43265
CRITICAL
Canteen Management System <1.0 - RCE
CVSS 9.8
CVE-2022-43146
HIGH
Canteen Management System <1.0 - RCE
CVSS 7.2
CVE-2022-3944
MEDIUM
ERP - Unrestricted File Upload in Commodity Management
CVSS 6.3
CVE-2022-40981
MEDIUM
ETIC Telecom RAS <4.5.0 - Code Injection
CVSS 5.9
CVE-2022-43074
CRITICAL
AyaCMS 3.1.2 - Arbitrary File Upload via fst_upload.inc.php
CVSS 9.8
CVE-2022-39036
CRITICAL
Agentflow BPM - Unauthenticated Arbitrary File Upload and Remote Code Execution via URL Special Character Bypass
CVSS 9.8
CVE-2022-43277
HIGH
Canteen Management System v1.0 - RCE
CVSS 7.2
CVE-2022-40797
CRITICAL
Roxy Fileman 1.4.6 - Remote Code Execution via .phar File Upload
CVSS 9.8
CVE-2022-43050
HIGH
Online Tours & Travels Management System 1.0 - Remote Code Execution via update_profile.php File Upload
CVSS 7.2
CVE-2022-44054
CRITICAL
d8s-xml 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-44053
CRITICAL
d8s-networking <0.1.0 - Code Injection
CVSS 9.8
CVE-2022-44052
CRITICAL
d8s-dates 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-44051
CRITICAL
d8s-stats 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-44050
CRITICAL
d8s-networking <0.1.0 - Code Injection
CVSS 9.8
CVE-2022-44049
CRITICAL
d8s-python 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-44048
CRITICAL
d8s-urls 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-43306
HIGH
d8s-timer 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2022-43305
CRITICAL
d8s-python 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-43304
CRITICAL
d8s-timer 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
Details
Vulnerabilities
4,130
Exploit Likelihood
Medium