CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2022-39301 HIGH
sra-admin < 1.1.1 - Authenticated Stored Cross-Site Scripting via Profile Picture Upload
CVSS 8.2
CVE-2022-41537 HIGH
Online Tours & Travels Management System v1.0 - RCE
CVSS 7.2
CVE-2022-41504 HIGH
Billing System Project v1.0 - Remote Code Execution via PHP File Upload in Product Image Editor
CVSS 7.2
CVE-2022-3552 HIGH
Boxbilling < 0.0.1 - Unrestricted Upload of File with Dangerous Type
CVSS 7.2
CVE-2022-32176 CRITICAL
gin-vue-admin 2.5.1-2.5.3b - Unrestricted File Upload via Compress Upload Functionality
CVSS 9.0
CVE-2022-42029 HIGH
Chamilo 1.11.16 - Authenticated Local File Inclusion via Big File Uploads
CVSS 8.8
CVE-2022-42154 CRITICAL
74cmsse 3.13.0 - Arbitrary File Upload via /apiadmin/upload/attach Endpoint
CVSS 9.8
CVE-2022-3549 MEDIUM
SourceCodester Simple Cold Storage Management System 1.0 - Unrestri...
CVSS 4.7
CVE-2022-32177 CRITICAL
gin-vue-admin 2.5.1-2.5.3beta - Unrestricted File Upload via Normal Upload to Media Library
CVSS 9.0
CVE-2022-41539 HIGH
Wedding Planner 1.0 - Remote Code Execution via Arbitrary File Upload in /admin/users_add.php
CVSS 8.8
CVE-2022-41538 HIGH
Wedding Planner v1.0 - Code Injection
CVSS 8.8
CVE-2022-41534 HIGH
Online Diagnostic Lab Management System v1.0 - Code Injection
CVSS 7.2
CVE-2022-41533 HIGH
Online Diagnostic Lab Management System v1.0 - RCE
CVSS 7.2
CVE-2022-3458 MEDIUM
SourceCodester Human Resource Management System 1.0 - Unrestricted File Upload in Image File Handler
CVSS 6.3
CVE-2022-41406 HIGH
Church Management System <1.0 - RCE
CVSS 7.2
CVE-2022-40921 HIGH
dedecms V5.7.99 - Arbitrary File Upload via file_manage_control.php
CVSS 7.2
CVE-2022-40777 HIGH
Interspire Email Marketer < 6.5.0 - Arbitrary File Upload via surveys_submit.php
CVSS 8.8
CVE-2022-42044 CRITICAL
d8s-asns 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-42043 CRITICAL
d8s-xml 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-42040 CRITICAL
d8s-algorithms 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-42039 CRITICAL
d8s-lists 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-42038 CRITICAL
d8s-ip-addresses 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-42037 CRITICAL
d8s-asns 0.1.0 - Unrestricted Upload of File with Dangerous Type via democritus-csv Backdoor
CVSS 9.8
CVE-2022-42036 CRITICAL
d8s-urls 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-41387 CRITICAL
d8s-pdfs 0.1.0 - Unrestricted Upload of File with Dangerous Type via democritus-urls Backdoor
CVSS 9.8