CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2021-39317 HIGH
AccessPress Themes Products - Authenticated Arbitrary File Upload via plugin_offline_installer AJAX Action
CVSS 8.8
CVE-2021-41919 HIGH
webtareas < 2.4 - Authenticated Unrestricted File Upload via Profile Picture
CVSS 8.8
CVE-2021-41566 CRITICAL
tadtools < 3.2.2 - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2021-37931 CRITICAL
Zoho ManageEngine ADManager Plus <= 7110 - Unrestricted File Upload leading to Remote Code Execution
CVSS 9.8
CVE-2021-37930 CRITICAL
Zoho ManageEngine ADManager Plus <= 7110 - Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2021-37929 CRITICAL
Zoho ManageEngine ADManager Plus <= 7110 - Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2021-37928 CRITICAL
ManageEngine ADManager Plus <= 7110 - Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2021-37926 CRITICAL
Zoho ManageEngine ADManager Plus <= 7110 - Unrestricted File Upload Leading to Remote Code Execution
CVSS 9.8
CVE-2021-37924 CRITICAL
Zoho ManageEngine ADManager Plus <= 7110 - Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2021-37923 CRITICAL
Zoho ManageEngine ADManager Plus <= 7110 - Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2021-37921 CRITICAL
ManageEngine ADManager Plus <= 7110 - Unrestricted File Upload leading to Remote Code Execution
CVSS 9.8
CVE-2021-37920 CRITICAL
Zoho ManageEngine ADManager Plus <= 7110 - Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2021-37919 CRITICAL
Zoho ManageEngine ADManager Plus < 7.1 - Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2021-37918 CRITICAL
ManageEngine ADManager Plus <= 7110 - Unrestricted File Upload Leading to Remote Code Execution
CVSS 9.8
CVE-2021-37762 CRITICAL
ManageEngine ADManager Plus <= 7110 - Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2021-3832 CRITICAL
Integria IMS 5.0.92 - Unauthenticated Remote Code Execution via AsyncUpload Function
CVSS 9.8
CVE-2021-40324 HIGH
cobbler < 3.3.0 - Arbitrary File Write via upload_log_data
CVSS 7.5
CVE-2021-41290 CRITICAL
ECOA BAS controller - Path Traversal
CVSS 9.8
CVE-2021-37105 HIGH
FusionCompute 6.5.0, 6.5.1, 8.0.0 - Unrestricted Upload of File with Dangerous Type
CVSS 7.5
CVE-2021-37761 CRITICAL
Zoho ManageEngine ADManager Plus <= 7110 - Unrestricted File Upload leading to Remote Code Execution
CVSS 9.8
CVE-2021-37539 CRITICAL
Zoho ManageEngine ADManager Plus < 7111 - Unrestricted File Upload leading to Remote Code Execution
CVSS 9.8
CVE-2021-26794 CRITICAL
FrogCMS - Unrestricted Upload of File with Dangerous Type via upload.php
CVSS 9.8
CVE-2021-37741 HIGH
ManageEngine ADManager Plus < 7111 - Unauthenticated Remote Code Execution via Unrestricted File Upload
CVSS 8.8
CVE-2021-24663 HIGH
Simple Schools Staff Directory < 1.1 - Authenticated Arbitrary File Upload via Logo Picture
CVSS 7.2
CVE-2021-33698 HIGH
SAP Business One < 10.0 - Code Injection
CVSS 8.8