CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,018 vulnerabilities with CWE-434
CVE-2021-44651 HIGH
Zohocorp Manageengine Cloud Security Plus - Unrestricted File Upload
CVSS 8.8
CVE-2021-4080 HIGH
crater - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2021-43973 HIGH
SysAid ITIL <20.4.74 b10 - File Upload
CVSS 8.8
CVE-2021-46079 HIGH
Sourcecodester Vehicle Service Mgmt 1.0 - File Upload
CVSS 7.2
CVE-2021-46078 MEDIUM
Sourcecodester Vehicle Service Mgmt 1.0 - XSS
CVSS 4.8
CVE-2021-46076 HIGH
Sourcecodester Vehicle Service Management System 1.0 - Code Injection
CVSS 8.8
CVE-2021-44031 CRITICAL
Quest Kace Desktop Authority < 11.2 - Unrestricted File Upload
CVSS 9.8
CVE-2021-24981 HIGH
Directorist WP <7.0.6.2 - CSRF
CVSS 7.5
CVE-2021-35244 MEDIUM
Orion Platform - RCE
CVSS 6.8
CVE-2021-44164 CRITICAL
Chinasea QB Smart Service Robot - Unrestricted File Upload
CVSS 9.8
CVE-2021-44159 CRITICAL
4mosan Gcb Doctor < 2021-09-16 - Unrestricted File Upload
CVSS 9.8
CVE-2021-23814 MEDIUM
Unisharp Laravel-filemanager < 2.6.2 - Code Injection
CVSS 6.7
CVE-2021-41560 CRITICAL
Opencats < 0.9.6 - Unrestricted File Upload
CVSS 9.8
CVE-2021-41870 HIGH
Socomec Remote View Pro Firmware - Unrestricted File Upload
CVSS 8.8
CVE-2021-43829 HIGH
PatrOwl <1.7.7 - XSS, Code Injection
CVSS 7.4
CVE-2021-40883 CRITICAL
emlog 5.3.1 - RCE
CVSS 9.8
CVE-2021-43117 CRITICAL
fastadmin <1.2.1 - RCE
CVSS 9.8
CVE-2021-27984 HIGH
Pluck-4.7.15 - RCE
CVSS 8.1
CVE-2021-36719 HIGH
Cybonet Mail Secure < 5.2.1 - Unrestricted File Upload
CVSS 8.8
CVE-2021-27860 CRITICAL KEV
FatPipe WARP/IPVPN/MPVPN <10.1.2r60p92-10.2.2r44p1 - File Upload
CVSS 9.8
CVE-2021-42133 HIGH
Ivanti Avalanche <6.3.3 - Privilege Escalation
CVSS 8.1
CVE-2021-42125 HIGH
Ivanti Avalanche < 6.3.3 - Insecure Deserialization
CVSS 8.8
CVE-2021-43936 CRITICAL
WebHMI - Code Injection
CVSS 10.0
CVE-2021-23562 MEDIUM
Tiny Plupload < 2.3.9 - Unrestricted File Upload
CVSS 4.2
CVE-2021-42099 CRITICAL
Zohocorp Manageengine M365 Manager Plus - Unrestricted File Upload
CVSS 9.8