CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2022-30216 HIGH (CVSS 8.8): Windows 10 and Windows 11 - Unrestricted Upload of File with Dangerous Type
CVE-2022-31134 MEDIUM (CVSS 4.9): Zulip Server >2.1.0 - Info Disclosure
CVE-2022-2297 MEDIUM (CVSS 6.3): Clinic's Patient Management System 2.0 - Unrestricted File Upload via profile_picture Parameter
CVE-2022-1952 CRITICAL (CVSS 9.8): easync < 1.1.16 - Unauthenticated Arbitrary File Upload and Remote Code Execution via AJAX Action
CVE-2022-31854 HIGH (CVSS 7.2): Codoforum 5.1 - Authenticated Arbitrary File Upload via Admin Logo Change
CVE-2022-32413 CRITICAL (CVSS 9.8): Dice 4.2.0 - Arbitrary File Upload and Remote Code Execution
CVE-2022-2268 HIGH (CVSS 7.2): WP All Import < 3.6.8 - Authenticated Arbitrary File Upload via Zip Extraction
CVE-2022-31943 CRITICAL (CVSS 9.8): MCMS v5.2.8 - Unrestricted Upload of File with Dangerous Type
CVE-2022-32994 CRITICAL (CVSS 9.8): Halo CMS 1.5.3 - Arbitrary File Upload via /api/admin/attachments/upload
CVE-2022-31086 HIGH (CVSS 8.8): LDAP Account Manager < 8.0 - Remote Code Execution via PHP Script Upload to PDF Templates
CVE-2022-2212 MEDIUM (CVSS 6.3): Library Management System 1.0 - Unrestricted File Upload via Image Parameter in /card/index.php
CVE-2022-2102 CRITICAL (CVSS 9.4): SEPCOs Control and Protection Relay Firmware 1.23.0-1.23.21 - Arbitrary File Upload via File Extension Bypass
CVE-2022-1519 CRITICAL (CVSS 10.0): illumina local_run_manager 1.3-3.1 - Unrestricted Upload of File with Dangerous Type
CVE-2022-31362 HIGH (CVSS 8.8): Docebo Community Edition <4.0.5 - Arbitrary File Upload
CVE-2022-31374 CRITICAL (CVSS 9.8): SolarView Compact 6.0 - RCE
CVE-2022-2128 CRITICAL (CVSS 9.8): GitHub polonel/trudesk <1.2.4 - File Injection
CVE-2022-1939 HIGH (CVSS 7.2): WordPress Plugin <1.1 - Code Injection
CVE-2022-2111 HIGH (CVSS 8.8): InvenTree < 0.7.2 - Unrestricted Upload of File with Dangerous Type
CVE-2022-32433 HIGH (CVSS 7.2): Advanced School Management System 1.0 - Remote Code Execution via Teacher View Endpoint
CVE-2022-31041 HIGH (CVSS 7.6): Open Forms <1.0.9, 1.1.1 - File Upload Bypass
CVE-2022-0863 HIGH (CVSS 7.2): WP SVG Icons < 3.2.3 - Authenticated Remote Code Execution via Malicious ZIP Upload
CVE-2022-30860 HIGH (CVSS 7.2): FUDforum < 3.1.2 - Authenticated Remote Code Execution via File Upload in Admin Control Panel
CVE-2022-32019 CRITICAL (CVSS 9.8): Car Rental Management System 1.0 - Remote Code Execution via Admin AJAX Car Save Action
CVE-2022-30822 HIGH (CVSS 8.8): Wedding Management System v1.0 - File Upload
CVE-2022-30821 HIGH (CVSS 8.8): Wedding Management System v1.0 - File Upload