CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2021-20022 HIGH KEV
SonicWall Email Security < 10.0.9.6103 - Authenticated Arbitrary File Upload
CVSS 7.2
CVE-2021-29641 HIGH
Directus 8.0.0-8.8.1 - Authenticated Arbitrary File Upload via .php and .htaccess Files
CVSS 8.8
CVE-2021-28173 CRITICAL
deltaflow 4.0-7.6 - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2021-30149 CRITICAL
Composr 10.0.36 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2021-24212 CRITICAL
WooCommerce Help Scout < 2.9.1 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2021-24171 CRITICAL
WooCommerce Upload Files < 59.4 - Unauthenticated Arbitrary File Upload via Extension Bypass
CVSS 9.8
CVE-2021-24160 HIGH
Responsive Menu < 4.0.4 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Zip Archive Extraction
CVSS 8.8
CVE-2021-24155 HIGH
Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload via SGBP Import
CVSS 7.2
CVE-2021-23001 MEDIUM
BIG-IP Advanced WAF and ASM 11.6.1-11.6.5.2 - Authenticated Unrestricted File Upload via iControl REST Endpoint
CVSS 4.3
CVE-2021-27274 CRITICAL
NETGEAR ProSAFE Network Management System 1.6.0.26 - RCE
CVSS 9.8
CVE-2021-26597 MEDIUM
Nokia NetAct 18A - Authenticated Unrestricted File Upload via Site Configuration Tool
CVSS 6.5
CVE-2021-21357 HIGH
TYPO3 < 8.7.40, 9.5.25, 10.4.14, 11.1.1 - Authenticated Path Traversal and Arbitrary File Write via Form Designer Module
CVSS 8.3
CVE-2021-21355 HIGH
TYPO3 < 8.7.40, 9.5.25, 10.4.14, 11.1.1 - Info Disclosure
CVSS 8.6
CVE-2021-21351 MEDIUM
Oracle Banking Platform < 5.15.14 - Insecure Deserialization
CVSS 5.4
CVE-2021-21350 MEDIUM
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
CVSS 5.3
CVE-2021-21347 MEDIUM
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
CVSS 6.1
CVE-2021-21346 MEDIUM
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
CVSS 6.1
CVE-2021-21344 MEDIUM
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
CVSS 5.3
CVE-2021-24145 HIGH
Modern Events Calendar Lite < 5.16.5 - Arbitrary File Upload via CSV Import
CVSS 7.2
CVE-2021-24123 HIGH
PowerPress < 8.3.8 - Authenticated Arbitrary File Upload via Podcast Artwork Image
CVSS 7.2
CVE-2021-28294 CRITICAL
Online Ordering System 1.0 - Unrestricted File Upload via initiateorder.php
CVSS 9.8
CVE-2021-27817 CRITICAL
shopxo 1.9.3 - Remote Code Execution via PHAR File Upload with JPG Extension
CVSS 9.8
CVE-2021-28379 HIGH
Vesta Control Panel < 0.9.8-27 - Open Redirect
CVSS 8.8
CVE-2021-27964 CRITICAL
SonLogger - Arbitrary File Upload
CVSS 9.8
CVE-2021-27198 CRITICAL
VisualWare MyConnection Server < 11.1a - Unauthenticated Remote Code Execution via Arbitrary File Upload
CVSS 9.8