CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,130 vulnerabilities with CWE-434
CVE-2022-0959
MEDIUM
pgAdmin 4 < 6.7 - Authenticated Path Traversal via File Upload
CVSS 6.5
CVE-2022-25495
CRITICAL
CuppaCMS 1.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution via jQuery File Upload
CVSS 9.8
CVE-2022-25487
CRITICAL
Thedigitalcraft Atomcms - Unrestricted File Upload
CVSS 9.8
CVE-2022-0951
MEDIUM
showdoc < 2.10.4 - File Upload Restriction Bypass and Stored Cross-Site Scripting
CVSS 6.1
CVE-2022-0950
MEDIUM
showdoc < 2.10.4 - Unrestricted Upload of File with Dangerous Type
CVSS 5.4
CVE-2022-0945
MEDIUM
showdoc < 2.10.4 - Stored Cross-Site Scripting via File Upload
CVSS 5.4
CVE-2022-24749
MEDIUM
Sylius <1.9.10, <1.10.11, <1.11.2 - XSS
CVSS 6.1
CVE-2022-0962
MEDIUM
showdoc < 2.10.4 - Stored Cross-Site Scripting via .webma File Upload
CVSS 5.4
CVE-2022-0960
MEDIUM
showdoc < 2.10.4 - Stored Cross-Site Scripting via .properties File Upload
CVSS 5.4
CVE-2022-24387
CRITICAL
SmarterTrack <100.0.8019.14010 - Privilege Escalation
CVSS 9.1
CVE-2022-0930
MEDIUM
microweber < 1.2.12 - Stored Cross-Site Scripting via File Upload Filter Bypass
CVSS 4.8
CVE-2022-0921
MEDIUM
microweber < 1.2.12 - Remote Code Execution via Backup/Restore Feature
CVSS 6.7
CVE-2022-0912
MEDIUM
microweber < 1.2.11 - Unrestricted Upload of File with Dangerous Type
CVSS 4.8
CVE-2022-26521
HIGH
Abantecart <= 1.3.2 - Authenticated Remote Code Execution via Media Manager Image Upload
CVSS 7.2
CVE-2022-24652
CRITICAL
sentcms 4.0.x - Unauthenticated Arbitrary File Upload via Admin Upload Interface
CVSS 9.8
CVE-2022-24651
CRITICAL
sentcms 4.0.x - Unauthenticated Arbitrary File Upload via /user/upload/upload
CVSS 9.8
CVE-2022-0440
HIGH
Catch Themes Demo Import <2.1.1 - RCE
CVSS 7.2
CVE-2022-25115
HIGH
Home Owners Collection Management System - Remote Code Execution via Avatar PNG Upload
CVSS 7.8
CVE-2022-25016
CRITICAL
Home Owners Collection Management System v1.0 - Arbitrary File Upload via Student Attendance Component
CVSS 9.8
CVE-2022-24254
HIGH
Extensis Portfolio 4.0 - Remote Code Execution via Backup/Restore Archive ZIP File
CVSS 8.8
CVE-2022-24253
HIGH
Extensis Portfolio v4.0 - Unrestricted File Upload
CVSS 8.8
CVE-2022-24252
HIGH
Extensis Portfolio 4.0 - Remote Code Execution via FileTransferServlet Unrestricted File Upload
CVSS 8.8
CVE-2022-24251
HIGH
Extensis Portfolio v4.0 - Unrestricted File Upload
CVSS 8.8
CVE-2022-25411
CRITICAL
Maxsite CMS v180 - Remote Code Execution via File Upload in Admin Options
CVSS 9.8
CVE-2022-23906
HIGH
CMS Made Simple 2.2.15 - Remote Code Execution via Avatar Upload
CVSS 7.2
Details
Vulnerabilities: 4,130
Exploit Likelihood: Medium