CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
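Most of the advisories listed below share one root cause: the server accepts a filename and bytes chosen by the attacker and then lets the web server or an interpreter act on them. The following is an added example, not code from the CWE entry or from any of the products named on this page; it contrasts the bypassable pattern (a denylist on the last extension only) with an allowlist that also inspects content and replaces the attacker-controlled name. The extension list, magic bytes and helper names are assumptions for illustration.

```python
"""Naive vs hardened upload validation for CWE-434 (added example, not from the page)."""
from __future__ import annotations

import os
import re
import secrets

# --- Vulnerable pattern: denylist on the final extension only ------------------
# Bypasses: alternative interpreter extensions (.phtml, .php5), double extensions
# (shell.php.jpg on servers that map any ".php" segment to the interpreter), and
# names such as ".htaccess" that change how the upload directory is served.
DENY_EXT = {".php", ".exe", ".sh"}


def naive_check(filename: str) -> bool:
    """Return True if the upload would be accepted by the denylist check."""
    _, ext = os.path.splitext(filename.lower())
    return ext not in DENY_EXT


# --- Hardened pattern: allowlist + content check + server-chosen name ------------
# Assumed allowlist: extension -> leading bytes (magic) the content must carry.
# SVG is deliberately absent: it is XML and can embed script (compare the phpwcms
# entry below), so it is not treated as a harmless image.
ALLOWED_MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
    ".pdf": b"%PDF-",
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit


def hardened_check(filename: str, data: bytes) -> tuple[bool, str, str | None]:
    """Validate an upload.

    Returns (accepted, reason, stored_name). The stored name is generated by the
    server, so path components, null bytes or extra extensions in the client
    name never reach the filesystem.
    """
    if len(data) > MAX_BYTES:
        return False, "file too large", None
    # Strip any path the client sent; only the last component matters.
    base = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in base:
        return False, "null byte in filename", None
    stem, ext = os.path.splitext(base)
    ext = ext.lower()
    if ext not in ALLOWED_MAGIC:
        return False, f"extension {ext!r} not allowlisted", None
    if not stem or "." in stem:
        # Rejects "shell.php.jpg" and ".htaccess"-style names outright.
        return False, "empty stem or multiple extensions", None
    if not data.startswith(ALLOWED_MAGIC[ext]):
        return False, "content does not match extension", None
    stored = secrets.token_hex(16) + ext  # 32 hex chars + extension
    return True, "ok", stored


if __name__ == "__main__":
    # Constructed sample uploads, not real files.
    png = ALLOWED_MAGIC[".png"] + b"\x00" * 16
    for name, body in [("shell.php", b"<?php"), ("shell.phtml", b"<?php"),
                       ("shell.php.jpg", b"\xff\xd8\xff\xe0"), ("../../x.png", png)]:
        print(f"{name:16} naive={naive_check(name)!s:5} hardened={hardened_check(name, body)}")
```

The content check is a necessary but not sufficient control: a valid GIF or JPEG can still carry interpreter code after its header (a polyglot), so the stored file must also live outside any directory the web server executes from, be served with its own Content-Type and X-Content-Type-Options: nosniff rather than the client's declared type, and never be passed to an archive extractor or plugin loader without the same scrutiny (compare the zip, PHAR, plugin and backup-restore entries in the list below).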

4,130 vulnerabilities with CWE-434
CVE ID          Severity  CVSS  Title
CVE-2021-47788  HIGH      8.8   WebsiteBaker 2.13.0 - Authenticated Remote Code Execution via Language Installation Endpoint
CVE-2021-47783  MEDIUM    5.4   phpwcms 1.9.30 - Authenticated Unrestricted Upload of Dangerous File via SVG File Upload
CVE-2021-47819  CRITICAL  9.8   ProjeQtOr Project Management 9.1.4 - RCE
CVE-2021-47758  HIGH      8.8   Chikitsa Patient Management System 2.0.2 - Authenticated Remote Code Execution via Malicious Plugin Upload
CVE-2021-47757  HIGH      8.8   Chikitsa Patient Management System 2.0.2 - Authenticated Remote Code Execution via Backup Restoration
CVE-2021-47753  CRITICAL  9.8   phpKF CMS 3.00 Beta y6 - Unauthenticated Arbitrary File Upload via File Extension Bypass
CVE-2021-4462   CRITICAL  9.8   Employee Records System 1.0 - Unauthenticated Unrestricted File Upload via uploadID.php
CVE-2021-4457   CRITICAL  9.1   ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload
CVE-2021-4455   CRITICAL  9.8   WordPress Plugin Smart Product Review <= 1.0.4 - Unauthenticated Arbitrary File Upload
CVE-2021-4449   CRITICAL  9.8   ZoomSounds < 5.96 - Unauthenticated Arbitrary File Upload via savepng.php
CVE-2021-4443   CRITICAL  9.8   WordPress Mega Menu - QuadMenu <= 2.0.6 - Unauthenticated Arbitrary File Creation via compiler_save AJAX Action
CVE-2021-35002  HIGH      8.8   BMC Track-It! - Authenticated Remote Code Execution via Email Attachment Upload
CVE-2021-4436   CRITICAL  9.8   3DPrint Lite < 1.9.1.5 - Unauthenticated Arbitrary File Upload via p3dlite_handle_upload AJAX Action
CVE-2021-31314  CRITICAL  9.8   ejinshan terminal_security_system v8+ - Arbitrary File Upload
CVE-2021-4382   HIGH      8.8   Recently < 3.0.5 - Authenticated Arbitrary File Upload via fetch_external_image()
CVE-2021-4354   HIGH      8.8   PWA for WP & AMP < 1.7.32 - File Upload
CVE-2021-34076  HIGH      8.8   PHPOK 5.7.140 - Remote Code Execution via Crafted Zip File Upload
CVE-2021-28998  HIGH      7.2   CMS Made Simple <= 2.2.15 - Authenticated Arbitrary File Upload via PHAR File
CVE-2021-27280  HIGH      7.8   mblog 3.5.0 - OS Command Injection via Theme Selection
CVE-2021-3267   HIGH      7.2   KiteCMS 1.1 - Remote Code Execution
CVE-2021-31707  CRITICAL  9.8   KiteCMS - Unrestricted Upload of File with Dangerous Type
CVE-2021-33352  CRITICAL  9.8   Wyomind Help Desk Magento 2 < 1.3.7 - RCE
CVE-2021-4330   HIGH      8.8   Envato Elements & Download - Path Traversal
CVE-2021-35290  HIGH      7.2   Balero CMS 0.8.3 - Remote Code Execution via Rich Text Editor File Upload
CVE-2021-33224  CRITICAL  9.8   Umbraco Forms 8.7.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution