CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2022-43303 CRITICAL
d8s-strings <0.1.0 - Code Injection
CVSS 9.8
CVE-2022-3537 HIGH
Role Based Pricing for WooCommerce < 1.6.2 - Authenticated Arbitrary File Upload
CVSS 8.8
CVE-2022-43061 HIGH
Online Tours & Travels Management System 1.0 - Unauthenticated Arbitrary File Upload via travellers.php
CVSS 7.2
CVE-2022-3575 CRITICAL
Frauscher Sensortechnik GmbH FDS102 - Code Injection
CVSS 9.8
CVE-2022-43085 HIGH
Restaurant POS System 1.0 - Remote Code Execution via File Upload in add_product.php
CVSS 7.2
CVE-2022-43083 HIGH
Vehicle Booking System 1.0 - Unauthenticated Arbitrary File Upload via admin-add-vehicle.php
CVSS 7.2
CVE-2022-39019 MEDIUM
M-Files Hubshare <3.3.11.3 - Info Disclosure
CVSS 6.3
CVE-2022-42925 CRITICAL
Formalms < 3.2.1 - Unrestricted File Upload
CVSS 9.9
CVE-2022-41681 CRITICAL
Forma LMS <3.1.0 - Privilege Escalation
CVSS 9.9
CVE-2022-40471 CRITICAL
Clinic's Patient Management System 1.0 - RCE
CVSS 9.8
CVE-2022-3771 MEDIUM
easyiicms - Unrestricted File Upload in Upload.php File Helper
CVSS 6.3
CVE-2022-43283 MEDIUM
wabt wasm2c v1.0.29 - Denial of Service via CWriter::Write Abort
CVSS 5.5
CVE-2022-43231 HIGH
Canteen Management System v1.0 - RCE
CVSS 7.2
CVE-2022-37426 MEDIUM
OpenNebula < 6.4.2 - File Content Injection via Unrestricted File Upload
CVSS 4.3
CVE-2022-43275 HIGH
Canteen Management System v1.0 - RCE
CVSS 7.2
CVE-2022-33859 HIGH
Eaton Foreseer EPMS <7.6 - File Upload
CVSS 8.1
CVE-2022-39978 HIGH
Online Pet Shop We App 1.0 - Arbitrary File Upload and Remote Code Execution via Product List Picture Upload
CVSS 7.2
CVE-2022-39977 HIGH
Online Pet Shop We App 1.0 - Arbitrary File Upload and Remote Code Execution via User Module Picture Upload
CVSS 7.2
CVE-2022-41711 CRITICAL
Badaso 2.6.0 - Unauthenticated Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2022-36452 CRITICAL
Mitel MiCollab < 9.6 - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2022-39305 CRITICAL
gin-vue-admin < 2.5.4b - Arbitrary File Read via Unvalidated fileMd5 and fileName Parameters
CVSS 9.8
CVE-2022-42189 HIGH
Emlog Pro 1.6.0 - Remote Code Execution via Plugin Upload
CVSS 7.2
CVE-2022-42201 HIGH
Simple Exam Reviewer Management System 1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 7.2
CVE-2022-42198 HIGH
Simple Exam Reviewer Management System 1.0 - Unrestricted Upload of File with Dangerous Type in User List Function
CVSS 8.8
CVE-2022-31366 HIGH
EVE-NG 2.0.3-112 - Remote Code Execution via Crafted UNL File Upload
CVSS 7.2