CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
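The description above is abstract, and the findings listed below mostly come down to the same two server-side mistakes. The following Python is an added example, not code from the CWE entry or from any product named on this page; the upload handler names, the `Upload` type and the sample uploads are assumptions made for the illustration. It puts the weak validator (trusts the client's Content-Type, blocklists a single extension, looks only at the last extension) beside a hardened one that ignores Content-Type, allowlists extensions, rejects executable segments anywhere in the name, checks the file's leading bytes and generates the stored filename on the server.

```python
"""Added example for CWE-434 (not part of the CWE entry or any product listed
on this page). Constructed upload validator: the weak check beside a hardened
one. Names and sample uploads are assumptions made for the illustration."""
import os
import secrets
from typing import List, NamedTuple, Tuple


class Upload(NamedTuple):
    """Constructed stand-in for one multipart file field as a web framework hands it over."""
    filename: str      # client supplied, attacker controlled
    content_type: str  # client supplied, attacker controlled
    data: bytes        # file body


# --- Vulnerable check: the pattern behind "Content-Type bypass" style findings ------
BLOCKED = {".php"}


def vulnerable_accepts(up: Upload) -> bool:
    """Accepts anything the client labels image/* whose last extension is not .php.
    shell.phtml, shell.php.png, .htaccess and a PHP body named pic.png all pass."""
    ext = os.path.splitext(up.filename)[1].lower()
    return up.content_type.startswith("image/") and ext not in BLOCKED


# --- Hardened check -----------------------------------------------------------------
# Allowlist of the extensions the application actually needs, each tied to the leading
# bytes the stored file must start with. The client's Content-Type is ignored entirely.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Name segments that common PHP/Apache deployments execute or interpret; matched against
# every dot-separated part of the name so "shell.php.png" is caught, not only "shell.php".
DANGEROUS = {"php", "php3", "php4", "php5", "php7", "phps", "phtml", "phar", "htaccess"}


def hardened_accepts(up: Upload) -> Tuple[bool, str]:
    """Returns (accepted, reason_or_stored_name). Only the file body and the name's
    extension segments decide; the stored name is server generated."""
    name = os.path.basename(up.filename.replace("\\", "/")).lower()  # drop any path part
    parts = name.split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "no usable extension"
    for seg in parts[1:]:
        if seg in DANGEROUS:
            return False, "dangerous extension ." + seg
    ext = "." + parts[-1]
    if ext not in ALLOWED:
        return False, "extension " + ext + " not allowlisted"
    if not up.data.startswith(ALLOWED[ext]):
        return False, "content does not match " + ext
    # Random stored name; the target directory should sit outside the web root or have
    # script execution disabled, because name validation alone does not make a file inert.
    return True, secrets.token_hex(16) + ext


PHP_SHELL = b"<?php system($_GET['cmd']); ?>"
SAMPLES = [  # constructed inputs, not taken from any listed CVE
    Upload("shell.php", "image/png", PHP_SHELL),
    Upload("shell.phtml", "image/png", PHP_SHELL),
    Upload("shell.php.png", "image/png", PHP_SHELL),
    Upload("pic.png", "image/png", PHP_SHELL),
    Upload("../../.htaccess", "image/gif", b"AddType application/x-httpd-php .png\n"),
    Upload("cat.PNG", "application/octet-stream", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
]


def run_samples() -> List[Tuple[str, bool, bool]]:
    """Runs both checks over the constructed samples; returns (filename, vulnerable, hardened)."""
    return [(u.filename, vulnerable_accepts(u), hardened_accepts(u)[0]) for u in SAMPLES]


if __name__ == "__main__":
    for fname, v, h in run_samples():
        print(f"{fname:<20} vulnerable={v!s:<5} hardened={h}")
```

Running the block shows the weak check accepting four of the five hostile samples and rejecting the one benign PNG (because its Content-Type was not image/*), while the hardened check does the reverse. The final point in the comments matters as much as the validator: the CWE's wording "automatically processed within its environment" is exactly the case of a PHP-capable web root, so accepted files belong in a location the server will not execute.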

4,130 vulnerabilities with CWE-434
CVE             Severity        CVSS  Title
CVE-2021-24311  HIGH            8.8   External Media < 1.0.34 - Authenticated Arbitrary File Upload via wp_ajax_upload-remote-file
CVE-2021-31703  CRITICAL        9.8   Frontier ichris < 5.18 - Unrestricted Upload of Executable Files
CVE-2021-32630  CRITICAL        9.6   admidio < 4.0.4 - Authenticated Remote Code Execution via .phar File Upload
CVE-2021-27459  CRITICAL        9.8   Emerson Rosemount X-STREAM - Code Injection
CVE-2021-20721  CRITICAL        9.8   KonaWiki2 <2.2.4 - Code Execution via Arbitrary PHP File Upload
CVE-2021-32622  MEDIUM          4.2   matrix-react-sdk < 3.21.0 - Local Script Execution via File Preview
CVE-2021-24284  CRITICAL        9.8   Kaswara < 3.0.1 - Unauthenticated Arbitrary File Upload via uploadFontIcon AJAX Action
CVE-2021-32089  CRITICAL        9.8   Zebra FX9500 Firmware - Unauthenticated Arbitrary File Upload
CVE-2021-31207  MEDIUM (KEV)    6.6   Microsoft Exchange Server - Security Feature Bypass via Unrestricted File Upload
CVE-2021-27618  MEDIUM          4.9   SAP NetWeaver Process Integration 7.10-7.50 - Unrestricted Upload of File with Dangerous Type
CVE-2021-29022  MEDIUM          5.3   InvoicePlane 1.5.11 - Full Path Disclosure via File Upload Feature
CVE-2021-32094  HIGH            8.8   NSA Emissary 5.9.0 - Authenticated Unrestricted Upload of File with Dangerous Type
CVE-2021-31737  CRITICAL        9.8   emlog 5.3.1 and 6.0.0 - Remote Code Execution via Database Backup File Upload
CVE-2021-24254  HIGH            7.2   College publisher Import < 0.1 - Authenticated Arbitrary File Upload and Remote Code Execution via CSV Import
CVE-2021-24253  HIGH            8.8   Classyfrieds < 3.8 - Authenticated Arbitrary PHP File Upload via Add Listing Feature
CVE-2021-24252  HIGH            7.2   Event Banner WordPress Plugin <= 1.3 - Authenticated Arbitrary File Upload and Remote Code Execution
CVE-2021-24248  HIGH            7.2   Business Directory Plugin < 5.11.1 - Authenticated RCE via Archive Import Bypass
CVE-2021-24236  CRITICAL        9.8   Imagements < 1.2.5 - Unauthenticated Arbitrary File Upload via Content-Type Bypass
CVE-2021-24240  CRITICAL        9.8   Business Hours Pro < 5.5.0 - Unauthenticated Arbitrary File Upload via Manual Update Functionality
CVE-2021-30209  MEDIUM          6.5   Textpattern V4.8.4 - Code Injection
CVE-2021-23280  HIGH            8.0   Eaton IPM <1.69 - Authenticated RCE
CVE-2021-24224  HIGH            8.8   Easy Form Builder < 1.0 - Authenticated Arbitrary File Upload via EFBP_verify_upload_file AJAX Action
CVE-2021-24223  CRITICAL        9.8   N5 Upload Form < 1.0 - Unauthenticated Arbitrary File Upload via Form Embed
CVE-2021-24222  CRITICAL        9.8   WP-Curriculo Vitae Free < 6.3 - Unauthenticated Arbitrary File Upload via Profile Picture and Resume Submission
CVE-2021-24220  CRITICAL        9.1   Thrivethemes Focusblog < 2.0.0 - Unrestricted File Upload

(KEV marks an entry listed in CISA's Known Exploited Vulnerabilities catalog.)