CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE ID          Severity  CVSS  Title
CVE-2021-45835  CRITICAL  9.8   Online Admission System 1.0 - Code Injection
CVE-2021-45834  CRITICAL  9.8   OpenDocMan 1.4.4 - Unrestricted Upload of Dangerous File Types via MIME Bypass
CVE-2021-45040  CRITICAL  9.8   spatie/laravel_media_library < 1.17.10 - Unauthenticated Executable File Upload via Uploads Route
CVE-2021-42171  HIGH      7.2   Zenario < 9.0.55143 - Unauthenticated Remote Code Execution via File Upload
CVE-2021-25003  CRITICAL  9.8   WPCargo Track & Trace < 6.9.0 - Unauthenticated Arbitrary File Write and Remote Code Execution
CVE-2021-44673  HIGH      8.8   Croogo 3.0.2 - Remote Code Execution via Admin File Manager Attachments Upload
CVE-2021-43970  HIGH      8.8   Quicklert for Digium 10.0.0 (1043) - Authenticated Remote Code Execution via .mp3;.jsp File Upload
CVE-2021-24960  MEDIUM    5.4   WordPress File Upload < 4.16.3 - XSS
CVE-2021-24216  HIGH      7.2   All-in-One WP Migration < 7.41 - Authenticated Arbitrary PHP File Upload
CVE-2021-44664  HIGH      8.8   Xerte < 3.9 - Authenticated Remote Code Execution via Language File Upload
CVE-2021-44967  HIGH      8.8   LimeSurvey 5.2.4 - Authenticated Remote Code Execution via Plugin Upload
CVE-2021-46036  CRITICAL  9.8   MCMS v5.2.4 - Arbitrary File Upload via /ms/file/uploadTemplate.do
CVE-2021-22803  CRITICAL  9.8   Interactive Graphical SCADA System Data Collector < 15.0.0.21243 - RCE
CVE-2021-37194  HIGH      7.5   Siemens COMOS < V10.3.3.3, V10.4 < V10.4.1 - Unrestricted File Upload via Web Component
CVE-2021-46360  HIGH      8.8   Composr-CMS < 10.0.39 - Authenticated RCE
CVE-2021-24947  MEDIUM    6.5   RVM WordPress < 6.4.2 - Info Disclosure
CVE-2021-46428  CRITICAL  9.8   Sourcecodester Simple Chatbot App < 1.0 - RCE
CVE-2021-46097  HIGH      8.8   Dolphinphp v1.5.0 - Remote Code Execution via Unrestricted File Upload in action_log
CVE-2021-46386  CRITICAL  9.8   mingsoft mcms < 5.2.5 - Remote Code Execution via JSPX Webshell Upload
CVE-2021-46116  HIGH      7.2   jpress 4.2.0 - Remote Code Execution via Template Install Function
CVE-2021-46115  HIGH      7.2   jpress 4.2.0 - Remote Code Execution via Template Upload
CVE-2021-44123  HIGH      8.8   SPIP 4.0.0 - Remote Code Execution via Double Extension File Upload
CVE-2021-46033  CRITICAL  9.8   ForestBlog < 2021-12-28 - Auth Bypass
CVE-2021-46113  HIGH      8.8   MartDevelopers KEA-Hotel-ERP < 12-31-2021 - RCE
CVE-2021-45808  HIGH      8.8   jpress v4.2.0 - Authenticated Unrestricted Upload of File with Dangerous Type