CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
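The CVE titles on this page show the recurring ways that definition gets violated in practice: a blocklist that forgets one interpreter extension (.phar, .phtml), an image upload form that trusts the client's extension or Content-Type, a theme/plugin ZIP whose members are extracted without inspection, and double extensions or path traversal inside archives. The following is an added example (not code from any listed product or from the CWE entry) of a hardened upload check that addresses each of those patterns, beside the naive check that lets them through. Assumptions: only image/PDF uploads are wanted, files are stored under a server-chosen random name, and archives are inspected before extraction. Sample inputs (`PNG_SAMPLE`, `PHP_SHELL`, `build_zip`) are constructed for illustration.

```python
"""Upload validation that closes the CWE-434 bypasses named on this page.

Added example, not code from any listed product. Assumptions: uploads are stored
under a server-chosen random name, only image/PDF types are wanted, and archives
(theme/plugin packages) are inspected before extraction. Sample inputs are
constructed for illustration.
"""
import io
import posixpath
import secrets
import zipfile

# Allowlist: accepted extensions, each tied to the magic bytes the content must start with.
ALLOWED = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}

# Extensions an interpreter or web server may execute or auto-process (not exhaustive).
DANGEROUS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps", "pht", "inc",
    "jsp", "jspx", "asp", "aspx", "ashx", "cgi", "pl", "py", "sh", "htaccess",
    "html", "htm", "svg", "js",
}


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the message says why."""


def naive_blocklist_ok(filename: str) -> bool:
    """The weak check: block one extension and accept everything else.

    Accepts 'shell.phar', 'shell.phtml', '.htaccess' and 'shell.php.png'
    (Apache mod_mime with AddHandler matches any extension component).
    """
    return not filename.lower().endswith(".php")


def _extensions(filename: str) -> list[str]:
    """All extension components of the base name, lowercased: 'a.php.png' -> ['php', 'png']."""
    base = posixpath.basename(filename.replace("\\", "/"))
    return [part.lower() for part in base.split(".")[1:]]


def validate_upload(filename: str, content: bytes) -> str:
    """Return a server-chosen storage name for an acceptable upload, else raise."""
    if "\x00" in filename:
        raise UploadRejected("null byte in filename")
    exts = _extensions(filename)
    if not exts:
        raise UploadRejected("filename has no extension")
    # Any component may be treated as the handler extension, so check all of them.
    if DANGEROUS & set(exts):
        raise UploadRejected(f"dangerous extension in {filename!r}")
    ext = exts[-1]
    if ext not in ALLOWED:
        raise UploadRejected(f"extension {ext!r} not in allowlist")
    # Trust neither the extension nor the client's Content-Type: check the bytes.
    if not content.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match claimed type")
    # Random name, server-chosen extension; the client's name never reaches disk.
    return f"{secrets.token_hex(16)}.{ext}"


def check_archive(data: bytes, max_members: int = 1000) -> list[str]:
    """Inspect a ZIP before extraction; reject executable members and path traversal."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise UploadRejected(f"not a ZIP archive: {exc}") from exc
    names = zf.namelist()
    if len(names) > max_members:
        raise UploadRejected("too many archive members")
    for name in names:
        norm = posixpath.normpath(name.replace("\\", "/"))
        if norm.startswith("/") or norm == ".." or norm.startswith("../"):
            raise UploadRejected(f"path traversal in member {name!r}")
        if DANGEROUS & set(_extensions(name)):
            raise UploadRejected(f"executable member {name!r}")
    return names


def build_zip(members: dict[str, bytes]) -> bytes:
    """Constructed fixture: an in-memory ZIP with the given members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


def accepted(fn, *args) -> bool:
    """True if fn(*args) passes validation, False if it raises UploadRejected."""
    try:
        fn(*args)
        return True
    except UploadRejected:
        return False


# Constructed samples: a valid PNG header, and a PHP web shell with an image extension.
PNG_SAMPLE = ALLOWED["png"] + b"\x00" * 16
PHP_SHELL = b"<?php system($_GET['c']); ?>"

if __name__ == "__main__":
    for name in ["avatar.png", "shell.phar", "shell.php.png", ".htaccess", "x.png\x00.php"]:
        print(f"{name!r:20} naive={naive_blocklist_ok(name)!s:5} "
              f"hardened={accepted(validate_upload, name, PNG_SAMPLE)}")
    print("shell bytes named x.png:", accepted(validate_upload, "x.png", PHP_SHELL))
    print("zip with theme/shell.php:", accepted(check_archive, build_zip({"theme/shell.php": PHP_SHELL})))
```

The two design points that matter most are that the decision is made on an allowlist plus content check rather than on a blocklist of known-bad names, and that the client-supplied filename is discarded entirely, so no extension, null byte or traversal sequence in it can influence where or how the file is stored. For archives, inspect every member name before calling `extractall`, since the extraction step is where a packaged web shell lands on disk.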

4,130 vulnerabilities with CWE-434

CVE             Severity  CVSS  Title
CVE-2022-26149  HIGH      7.2   MODX Revolution <2.8.3-pl - Authenticated RCE
CVE-2022-25360  HIGH      8.8   WatchGuard Fireware < 12.1.3_U8, 12.2.x-12.5.x < 12.5.9_U2, < 12.7.2_U2 - Authenticated Arbitrary File Upload
CVE-2022-23043  HIGH      7.2   Zenario CMS < 9.2.55826 - Authenticated Remote Code Execution via .phar File Upload Bypass
CVE-2022-24553  CRITICAL  9.8   zfaka <= 1.4.5 - Remote Code Execution via Unrestricted File Upload
CVE-2022-23375  HIGH      8.8   WikiDocs 0.1.18 - Authenticated Remote Code Execution via Image Upload Form
CVE-2022-0409   HIGH      7.8   Packagist showdoc/showdoc <2.10.2 - File Injection
CVE-2022-24984  CRITICAL  9.8   jqueryform < 2022-02-05 - Unauthenticated Remote Code Execution via Unrestricted File Upload
CVE-2022-23390  CRITICAL  9.8   diyhi bbs_forum < 5.3 - Unrestricted Upload of File with Dangerous Type via getType Function
CVE-2022-23048  HIGH      7.2   Exponent CMS 2.6.0patch2 - Authenticated Arbitrary File Upload via ZIP Extension
CVE-2022-24676  HIGH      8.8   hyphp/hybbs2 < 2.3.3 - Arbitrary File Upload via Crafted ZIP Archive
CVE-2022-0472   MEDIUM    5.4   Packagist jsdecena/laracom <2.0.9 - File Injection
CVE-2022-23329  CRITICAL  9.8   Jspxcms 10.2.0 - Remote Code Execution via Freemarker Template Utility
CVE-2022-24262  HIGH      8.8   Voipmonitor < 24.96 - Remote Code Execution via Config Restore Function
CVE-2022-23026  MEDIUM    4.3   BIG-IP ASM & Advanced WAF 12.1.0-12.1.5 - Authenticated Unrestricted File Upload via REST Endpoint
CVE-2022-23315  CRITICAL  9.8   MCMS v5.2.4 - Arbitrary File Upload via /ms/template/writeFileContent.do
CVE-2022-22929  CRITICAL  9.8   MCMS v5.2.4 - Arbitrary File Upload via New Template Module
CVE-2022-0263   HIGH      7.8   Packagist pimcore/pimcore <10.2.7 - File Injection
CVE-2022-0242   HIGH      7.2   Crater < 6.0 - Unrestricted Upload of File with Dangerous Type
CVE-2021-47965  CRITICAL  9.8   WordPress Plugin WP Super Edit 2.5.4 - Unrestricted File Upload
CVE-2021-47943  HIGH      8.8   TextPattern CMS 4.8.7 - Remote Code Execution via File Upload
CVE-2021-47937  HIGH      8.8   e107 CMS 2.3.0 - Authenticated Remote Code Execution via Theme Upload
CVE-2021-35485  HIGH      8.0   Nokia IMPACT <=19.11.2.10 - Authenticated RCE
CVE-2021-47904  HIGH      8.8   PhreeBooks 5.2.3 - Authenticated RCE
CVE-2021-47899  MEDIUM    4.0   YetiShare File Hosting Script 5.1.0 - SSRF
CVE-2021-47888  HIGH      8.8   Textpattern <4.8.3 - Authenticated RCE