CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2021-33009 HIGH
mySCADA myPRO <8.20.0 - File Upload
CVSS 7.5
CVE-2021-42967 CRITICAL
novel-plus - Unrestricted Upload of File with Dangerous Type via FileController
CVSS 9.8
CVE-2021-27771 HIGH
HCL Sametime - Path Traversal and Arbitrary File Upload via User SID Manipulation
CVSS 8.2
CVE-2021-42645 CRITICAL
CMSimple_XH 1.7.4 - Remote Code Execution via File Upload
CVSS 10.0
CVE-2021-43934 CRITICAL
Elcomplus SmartPTT - File Upload Vulnerability
CVSS 9.8
CVE-2021-41921 CRITICAL
novel-plus 3.6.1 - Unrestricted File Upload
CVSS 9.8
CVE-2021-26628 HIGH
maxboard < 1.9.6.1 - Unauthenticated Arbitrary File Upload via Admin Page
CVSS 8.1
CVE-2021-4225 HIGH
SP Project & Document Manager WordPress <4.24 - Auth Bypass
CVSS 8.8
CVE-2021-39040 HIGH
IBM Planning Analytics Workspace 2.0 - Unrestricted Upload of File with Dangerous Type
CVSS 8.0
CVE-2021-4096 HIGH
Fancy Product Designer <4.7.5 - CSRF
CVSS 8.8
CVE-2021-46367 HIGH
ritecms < 3.1.0 - Authenticated Remote Code Execution via PHP File Upload
CVSS 7.2
CVE-2021-43430 HIGH
BigAntSoft BigAnt office messenger <5.6 - Code Injection
CVSS 8.8
CVE-2021-43421 CRITICAL
Studio-42 elFinder 2.0.4-2.1.59 - Unauthenticated Arbitrary File Upload via connector.minimal.php
CVSS 9.8
CVE-2021-28428 CRITICAL
HorizontCMS - Unrestricted File Upload via .htaccess and *.hello Files
CVSS 9.8
CVE-2021-32961 HIGH
MDT AutoSave <6.02.06 - Code Injection
CVSS 7.5
CVE-2021-34257 HIGH
wpanel_cms < 4.3.1 - Authenticated Remote Code Execution via Malicious File Upload
CVSS 8.8
CVE-2021-45865 CRITICAL
Sourcecodester Student Attendance Management System 1.0 - Unrestricted File Upload
CVSS 9.8
CVE-2021-43103 HIGH
DIYHi BBS 5.3 - Remote Code Execution via ForumManageAction File Upload
CVSS 7.2
CVE-2021-43102 HIGH
DIYHi BBS 5.3 - Remote Code Execution via HelpManageAction File Upload
CVSS 7.2
CVE-2021-43101 HIGH
DIYHi BBS 5.3 - Remote Code Execution via MembershipCardManageAction Upload
CVSS 7.2
CVE-2021-43100 HIGH
DIYHi BBS 5.3 - Remote Code Execution via TopicManageAction File Upload
CVSS 7.2
CVE-2021-43098 HIGH
diyhi bbs v5.3 - Unrestricted File Upload via QuestionManageAction.java getType Function
CVSS 7.2
CVE-2021-40905 HIGH
CheckMK Enterprise Edition <2.0.0p9 - RCE
CVSS 8.8
CVE-2021-27428 CRITICAL
GE UR IED <8.1x - Privilege Escalation
CVSS 9.8
CVE-2021-39384 CRITICAL
DWSurvey v3.2.0 - Arbitrary File Write via ToHtmlServlet Component
CVSS 9.8