CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2022-3129 MEDIUM
Online Driving School Project - Unrestricted File Upload via registration.php
CVSS 6.3
CVE-2022-36582 HIGH
Garage Management System <1.0 - RCE
CVSS 7.2
CVE-2022-36580 HIGH
Online Ordering System <v2.3.2 - RCE
CVSS 7.2
CVE-2022-37184 HIGH
Garage Management System 1.0 - Authenticated Shell File Upload via manage_website.php
CVSS 8.8
CVE-2022-36557 CRITICAL
Seiko SkyBridge MB-A100/A110 <4.2.0 - Code Injection
CVSS 9.8
CVE-2022-37159 CRITICAL
Claroline < 13.5.7 - Remote Code Execution via Arbitrary File Upload
CVSS 9.8
CVE-2022-37181 CRITICAL
72crm 9.0 - Arbitrary File Upload
CVSS 9.8
CVE-2022-36285 HIGH
WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Auth ...
CVSS 7.2
CVE-2022-35150 CRITICAL
baijiacms v4 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-2594 HIGH
Advanced Custom Fields <5.12.3 - Info Disclosure
CVSS 8.8
CVE-2022-2909 MEDIUM
Simple and Nice Shopping Cart Script - Unrestricted File Upload via Profile Image Upload
CVSS 6.3
CVE-2022-2180 CRITICAL
greyd.suite < 1.2.7 - Unauthenticated Arbitrary File Upload via Custom Font Package
CVSS 9.8
CVE-2022-2804 MEDIUM
SourceCodester Zoo Management System - Unrestricted Upload
CVSS 6.3
CVE-2022-2779 MEDIUM
Gas Agency Management System - Unrestricted Upload of File with Dangerous Type via oneWord.php
CVSS 6.3
CVE-2022-2751 MEDIUM
Company Website CMS - Unrestricted File Upload via ufile Parameter in /dashboard/add-portfolio.php
CVSS 6.3
CVE-2022-2750 MEDIUM
Company Website CMS - Unrestricted File Upload via Add Service Handler
CVSS 6.3
CVE-2022-2749 MEDIUM
Gym Management System - Unrestricted Upload of File with Dangerous Type via /mygym/admin/index.php?view_exercises
CVSS 4.7
CVE-2022-2746 MEDIUM
Simple Online Book Store System - Unrestricted File Upload in Admin_add.php
CVSS 6.3
CVE-2022-2744 MEDIUM
Gym Management System - Unrestricted File Upload via exer_img Parameter
CVSS 6.3
CVE-2022-2740 MEDIUM
Company Website CMS - Unrestricted File Upload via Add Blog ufile Parameter
CVSS 6.3
CVE-2022-2736 MEDIUM
Company Website CMS - Unrestricted File Upload via Background Logo Update
CVSS 6.3
CVE-2022-35426 CRITICAL
UCMS 1.6 - Arbitrary File Upload via File PHP Endpoint
CVSS 9.8
CVE-2022-36264 CRITICAL
Airspan AirSpot 5410 <0.3.4.1-4 - Unauthenticated RCE
CVSS 9.1
CVE-2022-2356 HIGH
Frontend File Manager & Sharing <1.1.3 - Code Injection
CVSS 8.8
CVE-2022-2046 MEDIUM
Directorist < 7.2.3 - Authenticated Arbitrary Plugin Installation via Unrestricted URL Domain
CVSS 4.9