CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2022-2694 MEDIUM
Company Website CMS - Unrestricted Upload of File with Dangerous Type
CVSS 6.3
CVE-2022-2678 MEDIUM
Alphaware Simple E-Commerce System - Unrestricted File Upload in Background Management Page
CVSS 6.3
CVE-2022-2647 HIGH
jeecg-boot - Unrestricted Upload of File with Dangerous Type via /api/ Endpoint
CVSS 7.3
CVE-2022-34613 CRITICAL
Mealie 1.0.0beta3 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-34154 HIGH
Enable SVG, WebP & ICO Upload < 1.0.1 - Authenticated Arbitrary File Upload
CVSS 7.2
CVE-2022-34496 CRITICAL
Hiby R3 PRO and R3 PRO Saber Firmware 1.5-1.7 - Unrestricted Upload of File with Dangerous Type via File Upload Feature
CVSS 9.8
CVE-2022-34578 HIGH
Open Source Point of Sale 3.3.7 - Unrestricted Upload of File with Dangerous Type via Update Branding Settings
CVSS 7.2
CVE-2022-34120 HIGH
Barangay Management System v1.0 - RCE
CVSS 7.2
CVE-2022-34549 HIGH
Sims v1.0 - Arbitrary File Upload via /uploadServlet
CVSS 8.8
CVE-2022-34971 HIGH
Feehi CMS 2.1.1 - Arbitrary File Upload via Advertising Management Module
CVSS 8.8
CVE-2022-34965 HIGH
Open Source Social Network 6.3 - Authenticated Arbitrary File Upload via Administrator Component
CVSS 7.2
CVE-2022-34115 CRITICAL
DataEase < 1.11.2 - Arbitrary File Write via dataSourceId Parameter
CVSS 9.8
CVE-2022-28700 CRITICAL
GiveWP <= 2.20.2 - Authenticated Arbitrary File Creation via Export Function
CVSS 9.1
CVE-2022-34024 HIGH
Barangay Management System v1.0 - File Upload
CVSS 7.2
CVE-2022-1565 HIGH
WP All Import < 3.6.8 - Authenticated Arbitrary File Upload via wp_all_import_get_gz.php
CVSS 7.2
CVE-2022-24688 HIGH
DSK DSKNet 2.16.136.0 and 2.17.136.5 - Authenticated Remote Code Execution via PDF Upload with PHP Extension
CVSS 8.8
CVE-2022-31161 CRITICAL
Roxy-WI <6.1.1.0 - Command Injection
CVSS 10.0
CVE-2022-32119 HIGH
Arox School ERP Pro 1.0 - Arbitrary File Upload via Add Photo and Import Staff Excel Functions
CVSS 8.8
CVE-2022-2420 HIGH
eveo urve_web_manager - Unrestricted File Upload via _internal/uploader.php
CVSS 8.0
CVE-2022-2419 HIGH
eveo urve_web_manager - Unrestricted File Upload in upload.php
CVSS 8.0
CVE-2022-2418 HIGH
eveo urve_web_manager - Unrestricted File Upload via img_upload.php
CVSS 8.0
CVE-2022-22450 LOW
IBM Security Verify Identity Manager 10.0 - Privilege Escalation
CVSS 3.8
CVE-2022-28372 HIGH
Verizon 5G Home LVSKIHP IDU/ODU - File Upload
CVSS 7.5
CVE-2022-28369 CRITICAL
Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 - RCE
CVSS 9.8
CVE-2022-32114 HIGH
Strapi 4.1.12 - Stored Cross-Site Scripting via PDF Upload in Add New Assets
CVSS 8.8