CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,018 vulnerabilities with CWE-434
CVE-2021-37926 CRITICAL
Zohocorp Manageengine Admanager Plus < 7.1 - Unrestricted File Upload
CVSS 9.8
CVE-2021-37924 CRITICAL
Zohocorp Manageengine Admanager Plus < 7.1 - Unrestricted File Upload
CVSS 9.8
CVE-2021-37923 CRITICAL
Zohocorp Manageengine Admanager Plus < 7.1 - Unrestricted File Upload
CVSS 9.8
CVE-2021-37921 CRITICAL
Zohocorp Manageengine Admanager Plus < 7.1 - Unrestricted File Upload
CVSS 9.8
CVE-2021-37920 CRITICAL
Zohocorp Manageengine Admanager Plus < 7.1 - Unrestricted File Upload
CVSS 9.8
CVE-2021-37919 CRITICAL
Zohocorp Manageengine Admanager Plus < 7.1 - Unrestricted File Upload
CVSS 9.8
CVE-2021-37918 CRITICAL
Zohocorp Manageengine Admanager Plus < 7.1 - Unrestricted File Upload
CVSS 9.8
CVE-2021-37762 CRITICAL
Zohocorp Manageengine Admanager Plus < 7.1 - Unrestricted File Upload
CVSS 9.8
CVE-2021-3832 CRITICAL
Integria IMS <5.0.92 - RCE
CVSS 9.8
CVE-2021-40324 HIGH
Cobbler <3.3.0 - Code Injection
CVSS 7.5
CVE-2021-41290 CRITICAL
ECOA BAS controller - Path Traversal
CVSS 9.8
CVE-2021-37105 HIGH
Huawei Fusioncompute - Unrestricted File Upload
CVSS 7.5
CVE-2021-37761 CRITICAL
Zohocorp Manageengine Admanager Plus < 7.1 - Unrestricted File Upload
CVSS 9.8
CVE-2021-37539 CRITICAL
Zohocorp Manageengine Admanager Plus < 7.1 - Unrestricted File Upload
CVSS 9.8
CVE-2021-26794 CRITICAL
Frogcms - Unrestricted File Upload
CVSS 9.8
CVE-2021-37741 HIGH
Zohocorp Manageengine Admanager Plus < 7.1 - Unrestricted File Upload
CVSS 8.8
CVE-2021-24663 HIGH
Simple Schools Staff Directory < 1.1 - Unrestricted File Upload
CVSS 7.2
CVE-2021-33698 HIGH
SAP Business One <10.0 - Code Injection
CVSS 8.8
CVE-2021-40845 HIGH
Zenitel AlphaCom XE Audio Server <11.2.3.10 - Code Injection
CVSS 8.8
CVE-2021-36582 CRITICAL
Kooboo CMS 2.1.1.0 - Command Injection
CVSS 9.8
CVE-2021-36581 CRITICAL
Kooboo CMS 2.1.1.0 - Code Injection
CVSS 9.8
CVE-2021-24620 HIGH
Simple-e-commerce-shopping-cart < 2.2.5 - CSRF
CVSS 8.8
CVE-2021-24493 CRITICAL
Ingenesis Shopp < 1.4 - Unrestricted File Upload
CVSS 9.8
CVE-2021-24490 MEDIUM
Email Artillery < 4.1 - CSRF
CVSS 6.8
CVE-2021-36440 CRITICAL
ShowDoc v2.9.5 - RCE
CVSS 9.8