CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,018 vulnerabilities with CWE-434
CVE-2022-36557 CRITICAL
Seiko SkyBridge MB-A100/A110 <4.2.0 - Code Injection
CVSS 9.8
CVE-2022-37159 CRITICAL
Claroline < 13.5.7 - Unrestricted File Upload
CVSS 9.8
CVE-2022-37181 CRITICAL
72crm Wukong Crm - Unrestricted File Upload
CVSS 9.8
CVE-2022-36285 HIGH
WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Auth ...
CVSS 7.2
CVE-2022-35150 CRITICAL
Baijiacms - Unrestricted File Upload
CVSS 9.8
CVE-2022-2594 HIGH
Advanced Custom Fields <5.12.3 - Info Disclosure
CVSS 8.8
CVE-2022-2909 MEDIUM
Simple And Nice Shopping Cart Script - Unrestricted File Upload
CVSS 6.3
CVE-2022-2180 CRITICAL
GREYD.SUITE WordPress - RCE
CVSS 9.8
CVE-2022-2804 MEDIUM
SourceCodester Zoo Management System - Unrestricted Upload
CVSS 6.3
CVE-2022-2779 MEDIUM
Gas Agency Management System - Unrestricted File Upload
CVSS 6.3
CVE-2022-2751 MEDIUM
Company Website Cms - Unrestricted File Upload
CVSS 6.3
CVE-2022-2750 MEDIUM
Company Website Cms - Unrestricted File Upload
CVSS 6.3
CVE-2022-2749 MEDIUM
Gym Management System - Unrestricted File Upload
CVSS 4.7
CVE-2022-2746 MEDIUM
Simple Online Book Store System - Unrestricted File Upload
CVSS 6.3
CVE-2022-2744 MEDIUM
Gym Management System - Unrestricted File Upload
CVSS 6.3
CVE-2022-2740 MEDIUM
Company Website Cms - Unrestricted File Upload
CVSS 6.3
CVE-2022-2736 MEDIUM
Company Website Cms - Unrestricted File Upload
CVSS 6.3
CVE-2022-35426 CRITICAL
Ucms - Unrestricted File Upload
CVSS 9.8
CVE-2022-36264 CRITICAL
Airspan AirSpot 5410 <0.3.4.1-4 - Unauthenticated RCE
CVSS 9.1
CVE-2022-2356 HIGH
Frontend File Manager & Sharing <1.1.3 - Code Injection
CVSS 8.8
CVE-2022-2046 MEDIUM
Wpwax Directorist < 7.2.3 - Unrestricted File Upload
CVSS 4.9
CVE-2022-2694 MEDIUM
Company Website Cms - Unrestricted File Upload
CVSS 6.3
CVE-2022-2678 MEDIUM
Alphaware E-commerce System - Unrestricted File Upload
CVSS 6.3
CVE-2022-2647 HIGH
jeecg-boot - Unrestricted Upload
CVSS 7.3
CVE-2022-34613 CRITICAL
Mealie - Unrestricted File Upload
CVSS 9.8
Details
Vulnerabilities 4,018
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits