CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE | Severity | CVSS | Title
CVE-2021-35261 | CRITICAL | 9.8 | bearadmin - Unrestricted File Upload and Remote Code Execution via Ueditor Upfile Function
CVE-2021-36426 | HIGH | 8.8 | phpwcms < 1.9.26 - Remote Code Execution via File Upload in general.inc.php
CVE-2021-41231 | HIGH | 7.2 | OpenMage Magento < 19.4.22 - Authenticated Arbitrary Code Execution via DataFlow Convert Profile
CVE-2021-26642 | HIGH | 8.8 | XpressEngine < 3.0.14 and >=0 < 3.0.15 - Unrestricted Upload of File with Dangerous Type
CVE-2021-43258 | HIGH | 8.8 | ChurchInfo 1.2.13-1.3.0 - Authenticated Remote Code Execution via Email Attachment Upload
CVE-2021-38397 | CRITICAL | 10.0 | Honeywell Experion PKS C200 C200E C300 and ACE - Unrestricted File Upload and Remote Code Execution
CVE-2021-45790 | CRITICAL | 9.8 | Metersphere v1.15.4 - Unauthenticated Arbitrary File Upload
CVE-2021-44426 | HIGH | 8.8 | AnyDesk < 6.2.6 and 6.3.x < 6.3.5 - Unauthenticated Arbitrary File Upload to Victim Downloads Directory
CVE-2021-29891 | MEDIUM | 4.9 | IBM Power System AC922 & HMC 7063-CR2 Firmware - Unrestricted Dangerous File Upload via Site Identity Certificate
CVE-2021-36711 | CRITICAL | 9.8 | OctoBot < 0.4.4 - Remote Code Execution via Tentacles Upload
CVE-2021-36461 | HIGH | 8.8 | Microweber 1.1.3 - Arbitrary File Upload via Settings Upload Picture
CVE-2021-29281 | CRITICAL | 9.8 | GFI Archiver <= 15.1 - Unauthenticated Arbitrary File Upload via Telerik Web UI Plugin
CVE-2021-37770 | HIGH | 7.2 | Nucleus CMS 3.71 - Unrestricted File Upload via Htaccess Manipulation
CVE-2021-38945 | CRITICAL | 9.8 | IBM Cognos Analytics 11.1.0-11.1.7 - Unrestricted Upload of File with Dangerous Type
CVE-2021-40954 | CRITICAL | 9.8 | Laiketui 3.5.0 - Arbitrary File Upload and Remote Code Execution
CVE-2021-41421 | MEDIUM | 4.8 | MaianAffiliate 1.0 - Authenticated Remote Code Execution via PHP File Upload
CVE-2021-40940 | CRITICAL | 9.8 | Monstra 3.0.4 - Unrestricted File Upload
CVE-2021-42675 | CRITICAL | 9.8 | Kreado Kreasfero 1.5 - Unrestricted Upload of Dangerous File Type
CVE-2021-35532 | MEDIUM | 6.7 | Hitachi Energy TXpert Hub CoreTec <2.2.1 - Code Injection
CVE-2021-45982 | HIGH | 8.8 | NetScout nGeniusONE 6.3.2 - Privilege Escalation
CVE-2021-33615 | HIGH | 7.5 | RSA Archer <6.8.00500.1003 - Unrestricted Upload
CVE-2021-26634 | CRITICAL | 9.8 | maxb maxboard < 1.9.6 - Unrestricted File Upload and SQL Injection
CVE-2021-42654 | CRITICAL | 9.8 | SiteServer CMS < 5.1 - Unrestricted Upload of File with Dangerous Type
CVE-2021-41938 | HIGH | 7.2 | ShopXO CMS 2.2.0 - Authenticated Arbitrary File Upload
CVE-2021-25119 | HIGH | 7.2 | AGIL WordPress <1.0 - RCE