CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,018 vulnerabilities with CWE-434
CVE-2021-37221 HIGH
Customer Relationship Management System - Unrestricted File Upload
CVSS 8.8
CVE-2021-37372 HIGH
Online Student Admission System - Unrestricted File Upload
CVSS 8.8
CVE-2021-40344 HIGH
Nagios XI <5.8.5 - RCE
CVSS 7.2
CVE-2021-41178 HIGH
Nextcloud <20.0.13, 21.0.5, 22.2.0 - Path Traversal
CVSS 8.8
CVE-2021-39221 MEDIUM
Nextcloud Contacts < 4.0.3 - XSS
CVSS 6.4
CVE-2021-42840 HIGH
Salesagility Suitecrm < 7.11.19 - Unrestricted File Upload
CVSS 8.8
CVE-2021-41745 CRITICAL
Showdoc < 2.8.5 - Unrestricted File Upload
CVSS 9.8
CVE-2021-38471 CRITICAL
Multiple API - Info Disclosure
CVSS 9.1
CVE-2021-39352 HIGH
WordPress Plugin Catch Themes Demo Import - RCE
CVSS 7.2
CVE-2021-3846 HIGH
firefly-iii - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2021-38484 CRITICAL
InHand Networks IR615 Router <2.3.0.r4870 - RCE
CVSS 9.1
CVE-2021-38346 HIGH
Brizy Page Builder <=2.3.11 - Path Traversal
CVSS 8.8
CVE-2021-42342 CRITICAL
Embedthis Goahead < 4.1.3 - Unrestricted File Upload
CVSS 9.8
CVE-2021-20131 HIGH
Zohocorp Manageengine Admanager Plus < 7.1 - Unrestricted File Upload
CVSS 8.8
CVE-2021-20130 HIGH
Zohocorp Manageengine Admanager Plus < 7.1 - Unrestricted File Upload
CVSS 8.8
CVE-2021-20125 CRITICAL
Draytek Vigorconnect - Path Traversal
CVSS 9.8
CVE-2021-40189 HIGH
PHPFusion 9.03.110 - RCE
CVSS 7.2
CVE-2021-40188 HIGH
PHPFusion 9.03.110 - Code Injection
CVSS 7.2
CVE-2021-39317 HIGH
Accesspressthemes Access Demo Importer - Improper Authorization
CVSS 8.8
CVE-2021-41919 HIGH
Webtareas < 2.4 - Unrestricted File Upload
CVSS 8.8
CVE-2021-41566 CRITICAL
Tadtools < 3.2.2 - Unrestricted File Upload
CVSS 9.8
CVE-2021-37931 CRITICAL
Zohocorp Manageengine Admanager Plus < 7.1 - Unrestricted File Upload
CVSS 9.8
CVE-2021-37930 CRITICAL
Zohocorp Manageengine Admanager Plus < 7.1 - Unrestricted File Upload
CVSS 9.8
CVE-2021-37929 CRITICAL
Zohocorp Manageengine Admanager Plus < 7.1 - Unrestricted File Upload
CVSS 9.8
CVE-2021-37928 CRITICAL
Zohocorp Manageengine Admanager Plus < 7.1 - Unrestricted File Upload
CVSS 9.8