CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE ID           Severity  CVSS  Title
CVE-2022-26607   HIGH      7.2   baigo CMS v3.0-alpha-2 - Remote Code Execution via PHP File Upload
CVE-2022-26605   HIGH      8.8   eZiosuite v2.0.7 - Authenticated File Upload
CVE-2022-26630   HIGH      8.8   jellycms < 3.8.1 - Arbitrary File Upload via db.php
CVE-2022-26619   HIGH      7.5   Halo Blog CMS < 1.4.17 - File Upload
CVE-2022-0537    HIGH      7.2   MapPress Maps for WordPress < 2.73.13 - Auth Bypass
CVE-2022-0403    HIGH      8.1   Library File Manager < 5.2.3 - Authenticated Arbitrary File Upload via elFinder Library
CVE-2022-28062   HIGH      8.8   online_car_rental_system v1.0 - Arbitrary File Upload and Remote Code Execution via Add Car Component
CVE-2022-27435   HIGH      8.8   Ecommerce-Website 1.1.0 - Unrestricted File Upload via Product Image Component
CVE-2022-27249   HIGH      8.8   reftree < 2021.09.17 - Authenticated Unrestricted File Upload via UploadDwg
CVE-2022-23155   HIGH      7.2   Dell Wyse Management Suite 2.0-3.5.2 - Authenticated Arbitrary File Upload
CVE-2022-24136   CRITICAL  9.8   Hospital Management System v1.0 - Code Injection
CVE-2022-26645   CRITICAL  9.8   Online Banking System Protect v1.0 - RCE
CVE-2022-28223   CRITICAL  9.1   Tekon KIO Firmware < 2022-03-30 - Authenticated Privilege Escalation via Malicious Lua Plugin Upload
CVE-2022-0499    HIGH      8.8   Sermon Browser < 0.45.22 - Unauthenticated Arbitrary File Upload via CSRF
CVE-2022-23880   CRITICAL  9.8   taoCMS 3.0.2 - Unauthenticated Arbitrary File Upload via File Management Module
CVE-2022-22952   CRITICAL  9.1   VMware Carbon Black App Control < 8.5.14/8.6.6/8.7.4/8.8.2 - Authenticated RCE via File Upload
CVE-2022-0888    CRITICAL  9.8   Ninja Forms File Uploads Extension < 3.3.0 - Unauthenticated Arbitrary File Upload
CVE-2022-1033    HIGH      7.8   crater < 6.0.6 - Unrestricted Upload of File with Dangerous Type
CVE-2022-1034    HIGH      7.2   showdoc < 2.10.4 - Unrestricted Upload of File with Dangerous Type
CVE-2022-23346   HIGH      8.8   BigAnt Server 5.6.06 - Unrestricted Upload of File with Dangerous Type
CVE-2022-0687    HIGH      8.8   Amelia WordPress < 1.0.47 - Code Injection
CVE-2022-0415    HIGH      8.8   Gogs < 0.12.6 - Remote Code Execution via Repository File Upload
CVE-2022-25581   HIGH      7.8   classcms < 2.5 - Arbitrary File Upload and Remote Code Execution via Crafted .txt File
CVE-2022-25602   HIGH      8.3   ExpressTech Responsive Menu <= 4.1.7 - Arbitrary File Upload via Nonce Token Leak
CVE-2022-26965   HIGH      7.2   Pluck 4.7.16 - Authenticated Remote Code Execution via Theme Upload
Details
Vulnerabilities: 4,130
Exploit likelihood: Medium