CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2021-46013 CRITICAL
Sourcecodester Free school management software 1.0 - RCE
CVSS 9.8
CVE-2021-41550 HIGH
Leostream Connection Broker 9.0.40.17 - Authenticated Arbitrary File Upload
CVSS 7.2
CVE-2021-38697 CRITICAL
SoftVibe SARABAN for INFOMA 1.1 - RCE
CVSS 9.8
CVE-2021-33828 HIGH
ownCloud files_antivirus < 1.0.0 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2021-34997 HIGH
Commvault CommCell - Unauthenticated Arbitrary File Upload via AppStudioUploadHandler
CVSS 8.8
CVE-2021-34995 HIGH
Commvault CommCell - Unauthenticated Arbitrary File Upload via DownloadCenterUploadHandler
CVSS 8.8
CVE-2021-45411 CRITICAL
Printable Staff ID Card Creator System 1.0 - Authenticated Remote Code Execution via Arbitrary File Upload
CVSS 9.8
CVE-2021-44651 HIGH
ManageEngine CloudSecurityPlus < 4.1 - Remote Code Execution via updatePersonalizeSettings Component
CVSS 8.8
CVE-2021-4080 HIGH
crater - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2021-43973 HIGH
SysAid ITIL <20.4.74 b10 - File Upload
CVSS 8.8
CVE-2021-46079 HIGH
Sourcecodester Vehicle Service Mgmt 1.0 - File Upload
CVSS 7.2
CVE-2021-46078 MEDIUM
Sourcecodester Vehicle Service Mgmt 1.0 - XSS
CVSS 4.8
CVE-2021-46076 HIGH
Sourcecodester Vehicle Service Management System 1.0 - Code Injection
CVSS 8.8
CVE-2021-44031 CRITICAL
Quest KACE Desktop Authority < 11.2 - Unauthenticated Remote Code Execution via ASP File Upload
CVSS 9.8
CVE-2021-24981 HIGH
Directorist < 7.0.6.2 - Cross-Site Request Forgery to Remote File Upload
CVSS 7.5
CVE-2021-35244 MEDIUM
SolarWinds Orion Platform - Authenticated Remote Code Execution via Log Alert File Action
CVSS 6.8
CVE-2021-44164 CRITICAL
Chinasea QB Smart Service Robot - Unrestricted File Upload
CVSS 9.8
CVE-2021-44159 CRITICAL
4mosan gcb_doctor < 2021-09-16 - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2021-23814 MEDIUM
unisharp/laravel-filemanager < 2.6.2 - Unrestricted Upload of File with Dangerous Type via upload() Function
CVSS 6.7
CVE-2021-41560 CRITICAL
OpenCATS <= 0.9.6 - Remote Code Execution via Executable File Upload
CVSS 9.8
CVE-2021-41870 HIGH
Socomec REMOTE VIEW PRO 2.0.41.4 - Authenticated Arbitrary File Upload via Firmware Update Form
CVSS 8.8
CVE-2021-43829 HIGH
PatrOwl <1.7.7 - XSS, Code Injection
CVSS 7.4
CVE-2021-40883 CRITICAL
emlog 5.3.1 - Remote Code Execution
CVSS 9.8
CVE-2021-43117 CRITICAL
fastadmin v1.2.1 - Unrestricted File Upload and Remote Code Execution
CVSS 9.8
CVE-2021-27984 HIGH
Pluck CMS 4.7.15 - Admin File Upload Command Execution
CVSS 8.1