CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2022-29353 (CRITICAL, CVSS 9.8): Graphql-upload <13.0.0 - Code Injection
CVE-2022-29351 (CRITICAL, CVSS 9.8): TiddlyWiki5 v5.2.2 - Arbitrary File Upload via Crafted SVG File
CVE-2022-21809 (HIGH, CVSS 8.1): InHand Networks InRouter302 V3.5.4 - File Write
CVE-2022-30448 (CRITICAL, CVSS 9.8): Hospital Management System 1.0 - Unrestricted File Upload via treatmentrecord.php
CVE-2022-29655 (HIGH, CVSS 7.2): Wedding Management System 1.0 - Remote Code Execution via Upload Photos Module
CVE-2022-29318 (HIGH, CVSS 7.2): Car Rental Management System 1.0 - RCE
CVE-2022-28606 (CRITICAL, CVSS 9.8): BossCMS 1.0 - Unrestricted Upload of File with Dangerous Type
CVE-2022-28120 (CRITICAL, CVSS 9.8): Open Virtual Simulation Experiment Teaching Management Platform 2.0 - Unrestricted Upload of File with Dangerous Type
CVE-2022-1411 (MEDIUM, CVSS 6.1): Yetiforce CRM < 6.4.0 - Unrestricted File Upload
CVE-2022-29347 (CRITICAL, CVSS 9.8): web@rchiv 1.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution via PHP File
CVE-2022-28568 (CRITICAL, CVSS 9.8): Sourcecodester Doctor's Appointment System 1.0 - RCE
CVE-2022-29001 (HIGH, CVSS 7.2): SpringBootMovie <=1.2 - File Upload
CVE-2022-20743 (MEDIUM, CVSS 6.5): Cisco Firepower Management Center - Auth Bypass
CVE-2022-1273 (HIGH, CVSS 7.2): Import WP WordPress Plugin < 2.4.6 - Authenticated Arbitrary File Upload and Remote Code Execution
CVE-2022-29451 (HIGH, CVSS 8.8): Rara One Click Demo Import <= 1.2.9 - Cross-Site Request Forgery Leading to Arbitrary File Upload
CVE-2022-28528 (HIGH, CVSS 8.8): bloofoxcms v0.5.2.1 - Arbitrary File Upload via Media Edit Endpoint
CVE-2022-28525 (HIGH, CVSS 8.8): ED01-CMS v20180505 - Unrestricted Upload of File with Dangerous Type via User Edit Endpoint
CVE-2022-27468 (CRITICAL, CVSS 9.8): monsta_ftp 2.10.3 - Arbitrary File Upload and Remote Code Execution
CVE-2022-22392 (HIGH, CVSS 7.8): IBM Planning Analytics Local 2.0 - Code Injection
CVE-2022-28053 (HIGH, CVSS 8.8): Typemill 1.5.3 - Arbitrary File Upload via Upload Function
CVE-2022-28440 (HIGH, CVSS 8.8): UCMS 1.6 - Unauthenticated Arbitrary File Upload and Remote Code Execution via PHP File
CVE-2022-28021 (CRITICAL, CVSS 9.8): Purchase Order Management System 1.0 - Remote Code Execution via User Page File Upload
CVE-2022-27478 (HIGH, CVSS 8.8): Victor CMS 1.0 - Remote Code Execution via Admin Profile Upload
CVE-2022-27862 (CRITICAL, CVSS 9.8): VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.3 - Arbitrary File Upload via Booking Form Signature
CVE-2022-1329 (HIGH, CVSS 8.8): Elementor Website Builder 3.6.0-3.6.2 - Authenticated Remote Code Execution via Onboarding Module AJAX Actions