CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,018 vulnerabilities with CWE-434
CVE-2021-32089 CRITICAL
Zebra Fx9500 Firmware - Unrestricted File Upload
CVSS 9.8
CVE-2021-31207 MEDIUM KEV
Microsoft Exchange Server - Unrestricted File Upload
CVSS 6.6
CVE-2021-27618 MEDIUM
SAP Process Integration - DoS
CVSS 4.9
CVE-2021-29022 MEDIUM
Invoiceplane - Unrestricted File Upload
CVSS 5.3
CVE-2021-32094 HIGH
NSA Emissary - Unrestricted File Upload
CVSS 8.8
CVE-2021-31737 CRITICAL
Emlog - Unrestricted File Upload
CVSS 9.8
CVE-2021-24254 HIGH
College Publisher Import < 0.1 - Unrestricted File Upload
CVSS 7.2
CVE-2021-24253 HIGH
Classyfrieds < 3.8 - Unrestricted File Upload
CVSS 8.8
CVE-2021-24252 HIGH
Wp-eventmanager Event Banner < 1.3 - Unrestricted File Upload
CVSS 7.2
CVE-2021-24248 HIGH
Strategy11 Business Directory Plugin ... - Unrestricted File Upload
CVSS 7.2
CVE-2021-24236 CRITICAL
Imagements < 1.2.5 - Unrestricted File Upload
CVSS 9.8
CVE-2021-24240 CRITICAL
Aivahthemes Business Hours Pro < 5.5.0 - Unrestricted File Upload
CVSS 9.8
CVE-2021-30209 MEDIUM
Textpattern V4.8.4 - Code Injection
CVSS 6.5
CVE-2021-23280 HIGH
Eaton IPM < 1.69 - Authenticated RCE
CVSS 8.0
CVE-2021-24224 HIGH
Easy-form-builder-by-bitware < 1.0 - Unrestricted File Upload
CVSS 8.8
CVE-2021-24223 CRITICAL
N5 Upload Form < 1.0 - Unrestricted File Upload
CVSS 9.8
CVE-2021-24222 CRITICAL
Williamluis Wp-curriculo Vitae Free < 6.3 - Unrestricted File Upload
CVSS 9.8
CVE-2021-24220 CRITICAL
Thrivethemes Focusblog < 2.0.0 - Unrestricted File Upload
CVSS 9.1
CVE-2021-20022 HIGH KEV
Sonicwall Email Security < 10.0.9.6103 - Unrestricted File Upload
CVSS 7.2
CVE-2021-29641 HIGH
Rangerstudio Directus < 8.8.2 - Unrestricted File Upload
CVSS 8.8
CVE-2021-28173 CRITICAL
Vangene deltaFlow E-platform - RCE
CVSS 9.8
CVE-2021-30149 CRITICAL
Composr 10.0.36 - Code Injection
CVSS 9.8
CVE-2021-24212 CRITICAL
Woocommerce Help Scout < 2.9.1 - Unrestricted File Upload
CVSS 9.8
CVE-2021-24171 CRITICAL
Vanquish Woocommerce Upload Files < 59.4 - Unrestricted File Upload
CVSS 9.8
CVE-2021-24160 HIGH
Expresstech Responsive Menu < 4.0.4 - Unrestricted File Upload
CVSS 8.8