CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2022-41386 CRITICAL
d8s-utility <0.1.0 - Code Injection
CVSS 9.8
CVE-2022-41385 CRITICAL
d8s-html 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-41384 CRITICAL
d8s-domains <0.1.0 - Code Injection
CVSS 9.8
CVE-2022-41383 CRITICAL
d8s-archives 0.1.0 - Code Injection
CVSS 9.8
CVE-2022-41382 CRITICAL
d8s-json 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-41381 CRITICAL
d8s-utility <0.1.0 - Code Injection
CVSS 9.8
CVE-2022-41380 CRITICAL
d8s-yaml 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-42229 HIGH
Wedding Planner 1.0 - Remote Code Execution via package_edit.php
CVSS 8.8
CVE-2022-42034 HIGH
Wedding Planner v1.0 - Remote Code Execution via users_profile.php
CVSS 8.8
CVE-2022-3436 MEDIUM
Web-Based Student Clearance System 1.0 - Unrestricted File Upload in Photo Handler
CVSS 6.3
CVE-2022-41379 HIGH
Online Leave Management System v1.0 - RCE
CVSS 7.2
CVE-2022-42092 HIGH
Backdrop CMS 1.22.0 - Unrestricted File Upload via Themes
CVSS 7.2
CVE-2022-41512 HIGH
Online Diagnostic Lab Management System <1.0 - RCE
CVSS 7.2
CVE-2022-40721 CRITICAL
creativedream_file_uploader - Arbitrary File Upload
CVSS 9.8
CVE-2022-3125 HIGH
Frontend File Manager Plugin < 21.3 - Authenticated Arbitrary File Upload and Remote Code Execution via File Renaming
CVSS 8.8
CVE-2022-40886 HIGH
DedeCMS 5.7.98 - File Upload Vulnerability
CVSS 7.2
CVE-2022-40341 HIGH
mojoPortal 2.7 - Arbitrary File Upload and Remote Code Execution via Crafted PNG File
CVSS 8.8
CVE-2022-41437 HIGH
Billing System Project v1.0 - Remote Code Execution via /php_action/createProduct.php
CVSS 7.2
CVE-2022-36066 CRITICAL
Discourse <2.8.9-2.9.0.beta10 - RCE
CVSS 9.1
CVE-2022-40407 HIGH
Chamilo 1.11 - Authenticated Remote Code Execution via Zip Slip in File Upload
CVSS 8.8
CVE-2022-40048 HIGH
Flatpress v1.2.1 - Remote Code Execution via Upload File Function
CVSS 7.2
CVE-2022-40878 HIGH
Exam Reviewer Management System 1.0 - Authenticated RCE
CVSS 8.8
CVE-2022-37346 CRITICAL
EC-CUBE Product Image Bulk Upload Plugin 1.0.0 and 4.1.0 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2022-40050 CRITICAL
ZFile v4.1.1 - Arbitrary File Upload via /file/upload/1
CVSS 9.8
CVE-2022-40925 HIGH
Zoo Management System v1.0 - File Upload
CVSS 7.2