CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE             Severity  CVSS  Title
CVE-2021-20659  HIGH      8.8   SolarView Compact SV-CPT-MC310 <6.5 - RCE
CVE-2021-3120   CRITICAL  9.8   YITH WooCommerce Gift Cards Premium < 3.3.1 - Unauthenticated Arbitrary File Upload and RCE via ywgc-upload-picture
CVE-2021-27513  HIGH      8.8   EyesOfNetwork 5.3-10 - Authenticated Unrestricted Upload of Dangerous File Type
CVE-2021-26809  CRITICAL  9.8   PHPGurukul Car Rental Project 2.0 - Remote Shell Upload via changeimage1.php
CVE-2021-25780  HIGH      7.2   Baby Care System 1.0 - Unrestricted File Upload in posts.php
CVE-2021-22858  HIGH      8.8   changjia_property_management_system - Improper Authentication
CVE-2021-21014  CRITICAL  9.1   Magento <2.4.1-2.3.6 - Authenticated RCE
CVE-2021-21131  MEDIUM    6.5   Google Chrome <88.0.4324.96 - Info Disclosure
CVE-2021-26918  CRITICAL  9.8   ProBot bot < 2021-02-08 - Unrestricted File Upload via Double Extension Bypass
CVE-2021-3378   CRITICAL  9.8   FortiLogger < 5.2.0 - Arbitrary File Upload via Hotspot Logo Upload
CVE-2021-3164   HIGH      8.8   ChurchRota 2.6.4 - Authenticated Remote Code Execution via File Upload
CVE-2021-22698  HIGH      7.8   EcoStruxure Power Build - Rapsody < V2.1.13 - Buffer Overflow
CVE-2021-22697  HIGH      7.8   EcoStruxure Power Build - Rapsody < V2.1.13 - Use After Free
CVE-2021-3166   HIGH      7.5   ASUS DSL-N14U-B1 1.1.2.3_805 - Unrestricted Firmware Upload via Settings_DSL-N14U-B1.trx
CVE-2021-21245  CRITICAL  10.0  OneDev < 4.0.3 - Arbitrary File Upload via AttachmentUploadServlet
CVE-2020-37227  HIGH      8.8   WordPress Plugin HS Brand Logo Slider 2.1 - Unrestricted File Upload
CVE-2020-37117  HIGH      8.8   jizhicms 1.6.7 - Authenticated Arbitrary File Download via Admin Plugins Update Endpoint
CVE-2020-37084  HIGH      7.2   School ERP Pro 1.0 - Authenticated Remote Code Execution via Profile Photo Upload
CVE-2020-37090  CRITICAL  9.8   School ERP Pro 1.0 - Unauthenticated Remote Code Execution via Message Attachment Upload
CVE-2020-37073  HIGH      8.8   Victor CMS 1.0 - Authenticated Arbitrary File Upload via user_image Parameter
CVE-2020-37113  HIGH      8.8   GUnet OpenEclass 1.7.3 - Auth Bypass
CVE-2020-37023  HIGH      8.8   Koken CMS 0.22.24 - Authenticated Unrestricted Upload of File with Dangerous Type via File Extension Manipulation
CVE-2020-37009  HIGH      8.8   MedDream PACS Server 6.8.3.751 - Authenticated RCE
CVE-2020-36973  MEDIUM    6.5   PDW File Browser 1.3 - Authenticated Remote Code Execution via Webshell Upload and Rename
CVE-2020-36942  HIGH      8.8   Victor CMS 1.0 - Authenticated Arbitrary File Upload via Profile Image Feature