CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2022-1345 CRITICAL
organizr < 2.1.1810 - Stored Cross-Site Scripting via SVG File Upload
CVSS 9.0
CVE-2022-28397 CRITICAL
Ghost CMS 4.42.0 - Authenticated Arbitrary File Upload
CVSS 9.8
CVE-2022-27952 CRITICAL
PayloadCMS 0.15.0 - Arbitrary File Upload and Remote Code Execution via SVG File
CVSS 9.8
CVE-2022-27263 CRITICAL
Strapi v4.1.5 - Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2022-27262 CRITICAL
Skipper 0.9.1 - Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2022-27261 HIGH
express-fileupload 1.3.1 - Arbitrary File Write via Multiple File Upload
CVSS 7.5
CVE-2022-27260 CRITICAL
ButterCMS 1.2.8 - Arbitrary File Upload and Remote Code Execution via SVG File
CVSS 9.8
CVE-2022-27140 CRITICAL
express-fileupload 1.3.1 - Arbitrary File Upload via Crafted PHP File
CVSS 9.8
CVE-2022-27139 CRITICAL
Ghost 4.39.0 - Authenticated Arbitrary File Upload via SVG File
CVSS 9.8
CVE-2022-24837 MEDIUM
HedgeDoc >= 1.9.1, < 1.9.3 - Information Disclosure via Enumerable Uploaded Image Filenames
CVSS 5.3
CVE-2022-27115 CRITICAL
Studio-42 elFinder < 2.1.61 - Remote Code Execution via File Upload
CVSS 9.8
CVE-2022-1008 HIGH
One Click Demo Import < 3.1.0 - Authenticated Arbitrary File Upload via Unvalidated Import
CVSS 7.2
CVE-2022-1045 MEDIUM
trudesk < 1.2.0 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2022-27477 CRITICAL
newbee-mall v1.0.0 - Arbitrary File Upload via Goods Edit Function
CVSS 9.8
CVE-2022-27131 CRITICAL
zbzcms v1.0 - Arbitrary File Upload and Remote Code Execution via zbz.php
CVSS 9.8
CVE-2022-27129 CRITICAL
zbzcms v1.0 - Arbitrary File Upload via Admin AJAX Endpoint
CVSS 9.8
CVE-2022-27047 CRITICAL
mogu_blog_cms 5.2 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-27357 CRITICAL
ecommerce-website 1.0 - Unauthenticated Arbitrary File Upload via Customer Registration Endpoint
CVSS 9.8
CVE-2022-27352 HIGH
Simple House Rental System 1 - Arbitrary File Upload via Register Endpoint
CVSS 8.8
CVE-2022-27351 CRITICAL
Zoo Management System 1.0 - Unauthenticated Arbitrary File Upload via Vacancy Application Endpoint
CVSS 9.8
CVE-2022-27349 HIGH
Social Codia SMS v1 - Unrestricted File Upload via addteacher.php
CVSS 7.2
CVE-2022-27346 HIGH
ecommerce-website 1.1.0 - Unauthenticated Arbitrary File Upload via Slides Endpoint
CVSS 8.8
CVE-2022-27064 HIGH
Musical World v1 - Unrestricted File Upload via uploaded_songs.php
CVSS 8.8
CVE-2022-27061 HIGH
AeroCMS 0.0.1 - Authenticated Arbitrary File Upload via Post Image Function
CVSS 7.2
CVE-2022-26627 HIGH
Online Project Time Management System v1.0 - Remote Code Execution via File Upload
CVSS 8.8