CWE-434: Unrestricted Upload of File with Dangerous Type

Exploit likelihood: Medium

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434 (selection shown below):

CVE ID | Severity | CVSS | Title
CVE-2022-40924 | HIGH | 7.2 | Zoo Management System v1.0 - File Upload
CVE-2022-3076 | HIGH | 7.2 | CM Download Manager <2.8.6 - Privilege Escalation
CVE-2022-3257 | LOW | 3.1 | Mattermost < 7.2.0 - Authenticated Denial of Service via Crafted GIF Upload
CVE-2022-40087 | CRITICAL | 9.8 | Simple College Website 1.0 - Unauthenticated Arbitrary File Write via file_put_contents()
CVE-2022-40932 | HIGH | 7.2 | Zoo Management System v1.0 - File Upload
CVE-2022-40217 | MEDIUM | 6.5 | XplodedThemes WPide <= 2.6 - Authenticated Arbitrary File Upload and Edit
CVE-2022-36386 | CRITICAL | 9.1 | Import any XML or CSV File to WordPress <= 3.6.7 - Authenticated Arbitrary Code Execution via Unrestricted File Upload
CVE-2022-2872 | MEDIUM | 5.4 | GitHub octoprint/octoprint <1.8.3 - File Injection
CVE-2022-38916 | CRITICAL | 9.8 | Pagekit <1.0.18 - File Upload Vulnerability
CVE-2022-40432 | CRITICAL | 9.8 | d8s-strings 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVE-2022-40431 | CRITICAL | 9.8 | d8s-pdfs 0.1.0 - Unrestricted Upload of File with Dangerous Type via democritus-networking Package
CVE-2022-38887 | CRITICAL | 9.8 | d8s-python 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVE-2022-38886 | CRITICAL | 9.8 | d8s-xml 0.1.0 - Unrestricted Upload of File with Dangerous Type via democritus-strings Backdoor
CVE-2022-38885 | CRITICAL | 9.8 | d8s-netstrings <0.1.0 - Code Injection
CVE-2022-38884 | CRITICAL | 9.8 | d8s-grammars <0.1.0 - Code Injection
CVE-2022-38883 | CRITICAL | 9.8 | d8s-math 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVE-2022-38882 | CRITICAL | 9.8 | d8s-json 0.1.0 - Unrestricted Upload of File with Dangerous Type
CVE-2022-38881 | CRITICAL | 9.8 | d8s-archives 0.1.0 - Unrestricted Upload of File with Dangerous Type via democritus-strings Backdoor
CVE-2022-38877 | HIGH | 7.2 | Garage Management System v1.0 - RCE
CVE-2022-38843 | HIGH | 8.8 | EspoCRM 7.1.8 - Unrestricted File Upload
CVE-2022-38323 | HIGH | 7.2 | Event Management System v1.0 - Arbitrary File Upload via /Royal_Event/update_image.php
CVE-2022-37140 | HIGH | 8.0 | PayMoney 3.3 - Client-Side Remote Code Execution via Malicious RTF File Upload
CVE-2022-36667 | HIGH | 8.8 | Garage Management System 1.0 - Remote Code Execution via Unrestricted File Upload
CVE-2022-38305 | HIGH | 8.8 | AeroCMS 0.0.1 - Arbitrary File Upload via Profile Admin Endpoint
CVE-2022-38296 | CRITICAL | 9.8 | Cuppa CMS v1.0 - File Upload