CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,018 vulnerabilities with CWE-434
CVE-2021-24155 HIGH
Backup-guard Backup Guard < 1.6.0 - Unrestricted File Upload
CVSS 7.2
CVE-2021-23001 MEDIUM
F5 Big-ip Access Policy Manager < 11.6.5.3 - Unrestricted File Upload
CVSS 4.3
CVE-2021-27274 CRITICAL
NETGEAR ProSAFE Network Management System 1.6.0.26 - RCE
CVSS 9.8
CVE-2021-26597 MEDIUM
Nokia Netact - Unrestricted File Upload
CVSS 6.5
CVE-2021-21357 HIGH
Typo3 < 8.7.40 - Path Traversal
CVSS 8.3
CVE-2021-21355 HIGH
TYPO3 <8.7.40, 9.5.25, 10.4.14, 11.1.1 - Info Disclosure
CVSS 8.6
CVE-2021-21351 MEDIUM
Oracle Banking Platform < 5.15.14 - Insecure Deserialization
CVSS 5.4
CVE-2021-21350 MEDIUM
Netapp Oncommand Insight < 5.15.14 - Insecure Deserialization
CVSS 5.3
CVE-2021-21347 MEDIUM
Netapp Oncommand Insight < 5.15.14 - Insecure Deserialization
CVSS 6.1
CVE-2021-21346 MEDIUM
Netapp Oncommand Insight < 5.15.14 - Insecure Deserialization
CVSS 6.1
CVE-2021-21344 MEDIUM
Netapp Oncommand Insight < 5.15.14 - Insecure Deserialization
CVSS 5.3
CVE-2021-24145 HIGH
Webnus Modern Events Calendar Lite < 5.16.5 - Unrestricted File Upload
CVSS 7.2
CVE-2021-24123 HIGH
Blubrry Powerpress < 8.3.8 - Unrestricted File Upload
CVSS 7.2
CVE-2021-28294 CRITICAL
Online Ordering System 1.0 - RCE
CVSS 9.8
CVE-2021-27817 CRITICAL
Shopxo 1.9.3 - RCE
CVSS 9.8
CVE-2021-28379 HIGH
Vesta Control Panel <0.9.8-27 - Open Redirect
CVSS 8.8
CVE-2021-27964 CRITICAL
SonLogger - Arbitrary File Upload
CVSS 9.8
CVE-2021-27198 CRITICAL
Visualware Myconnection Server < 11.1a - Unrestricted File Upload
CVSS 9.8
CVE-2021-20659 HIGH
SolarView Compact SV-CPT-MC310 <6.5 - RCE
CVSS 8.8
CVE-2021-3120 CRITICAL
Yithemes Yith Woocommerce Gift Cards - Unrestricted File Upload
CVSS 9.8
CVE-2021-27513 HIGH
EyesOfNetwork <5.3-10 - RCE
CVSS 8.8
CVE-2021-26809 CRITICAL
Phpgurukul Car Rental Portal - Unrestricted File Upload
CVSS 9.8
CVE-2021-25780 HIGH
Janobe Baby Care System - Unrestricted File Upload
CVSS 7.2
CVE-2021-22858 HIGH
CGE - Privilege Escalation
CVSS 8.8
CVE-2021-21014 CRITICAL
Magento <2.4.1-2.3.6 - Authenticated RCE
CVSS 9.1