CWE-434
Unrestricted Upload of File with Dangerous Type
Medium likelihood
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,130 vulnerabilities with CWE-434
CVE-2021-36719
HIGH
PineApp Mail Secure < 5.2.1 - Authenticated Remote Code Execution via nicUpload.php
CVSS 8.8
CVE-2021-27860
CRITICAL
KEV
FatPipe WARP/IPVPN/MPVPN <10.1.2r60p92-10.2.2r44p1 - File Upload
CVSS 9.8
CVE-2021-42133
HIGH
Ivanti Avalanche <6.3.3 - Privilege Escalation
CVSS 8.1
CVE-2021-42125
HIGH
Ivanti Avalanche < 6.3.3 - Unauthenticated Arbitrary File Write via Inforail Service
CVSS 8.8
CVE-2021-43936
CRITICAL
webhmi_firmware < 4.1 - Unrestricted Upload of File with Dangerous Type
CVSS 10.0
CVE-2021-23562
MEDIUM
plupload < 2.3.9 - Unrestricted Upload of File with Dangerous Type
CVSS 4.2
CVE-2021-42099
CRITICAL
Zoho ManageEngine M365 Manager Plus < 4421 - Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2021-42123
HIGH
TopEase <= 7.1.27 - Authenticated Unrestricted File Upload via File Upload Functions
CVSS 7.3
CVE-2021-44094
HIGH
ZrLog 2.2.2 - Remote Code Execution via Plugin Download Function
CVSS 7.8
CVE-2021-44093
CRITICAL
zrlog 2.2.2 - Remote Code Execution via Avatar Upload Bypass
CVSS 9.8
CVE-2021-22968
HIGH
Concrete CMS < 8.5.7 - Authenticated Remote Code Execution via File Upload Bypass
CVSS 7.2
CVE-2021-42362
HIGH
WordPress Popular Posts <= 5.3.2 - Authenticated Arbitrary File Upload in Image.php
CVSS 8.8
CVE-2021-39222
MEDIUM
Nextcloud Talk < 10.0.7 - Stored Cross-Site Scripting via Malicious File Right-Click
CVSS 6.4
CVE-2021-42839
HIGH
Grand Vice info Co. webopac7 - Unauthenticated Arbitrary File Upload and Remote Code Execution via File Upload Function
CVSS 8.8
CVE-2021-43617
CRITICAL
Laravel Framework <8.70.2 - Code Injection
CVSS 9.8
CVE-2021-3915
MEDIUM
BookStack < 21.10.3 and ssddanbrown/bookstack < 21.0.3 - Unrestricted Upload of File with Dangerous Type
CVSS 5.7
CVE-2021-41833
CRITICAL
Zoho ManageEngine Patch Connect Plus < 90099 - Unauthenticated Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2021-28023
CRITICAL
ServiceTonic Helpdesk < 9.0.35937 - Code Injection
CVSS 9.8
CVE-2021-34685
LOW
Hitachi Vantara Pentaho < 9.1.0.0 - Authenticated Unrestricted File Upload via Filename Extension Bypass
CVSS 2.7
CVE-2021-31599
HIGH
Hitachi Vantara Pentaho < 9.1.0.0 & BI Server < 7.1 - Authenticated RCE via BeanShell
CVSS 8.8
CVE-2021-42669
CRITICAL
Engineers Online Portal - Unrestricted File Upload via Teacher Avatar Change
CVSS 9.8
CVE-2021-26740
CRITICAL
doyocms 2.3 - Arbitrary File Upload via sysupload.php
CVSS 9.8
CVE-2021-38847
HIGH
S-Cart < 6.4.1 - Authenticated Arbitrary File Upload via Editor Module
CVSS 8.8
CVE-2021-41646
CRITICAL
Online Reviewer System 1.0 - Remote Code Execution via Malicious PHP File Upload
CVSS 9.8
CVE-2021-41645
HIGH
Sourcecodester Budget and Expense Tracker System 1.0 - Remote Code Execution via Image Upload
CVSS 8.8
Details
Vulnerabilities: 4,130
Exploit Likelihood: Medium