CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,014 vulnerabilities with CWE-434
CVE-2024-43243 CRITICAL
ThemeGlow JobBoard <1.2.6 - RCE
CVSS 10.0
CVE-2024-56828 CRITICAL
ChestnutCMS <1.5.0 - File Upload
CVSS 9.8
CVE-2024-13145 MEDIUM
zhenfeng13 My-Blog 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-13144 MEDIUM
zhenfeng13 My-Blog 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-13138 MEDIUM
wangl1989 mysiteforme 1.0 - Unrestricted Upload
CVSS 4.7
CVE-2024-13134 MEDIUM
ZeroWdd studentmanager 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-13133 MEDIUM
ZeroWdd studentmanager 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-55078 CRITICAL
WukongCRM-11.0-JAVA <v11.3.3 - RCE
CVSS 9.8
CVE-2024-56264 MEDIUM
Beee ACF City Selector <1.14.0 - RCE
CVSS 6.6
CVE-2024-56249 CRITICAL
Webdeclic WPMasterToolKit <1.13.1 - Code Injection
CVSS 9.1
CVE-2024-56829 CRITICAL
Huang Yaoshi Pharmaceutical <16.0 - File Upload
CVSS 10.0
CVE-2024-56064 CRITICAL
Azzaroco WP SuperBackup <2.3.3 - Code Injection
CVSS 10.0
CVE-2024-56046 CRITICAL
Vibethemes Wordpress Learning Managem... - Unrestricted File Upload
CVSS 10.0
CVE-2024-13022 MEDIUM
Taisan Tarzan-cms 1.0.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-56508 HIGH
LinkAce <1.15.6 - XSS
CVSS 7.6
CVE-2024-12956 MEDIUM
1000projects Portfolio Management System Mca - Improper Access Control
CVSS 6.3
CVE-2024-12954 MEDIUM
1000projects Portfolio Management System Mca - Improper Access Control
CVSS 6.3
CVE-2024-12953 MEDIUM
1000projects Portfolio Management System Mca - Improper Access Control
CVSS 6.3
CVE-2024-12951 MEDIUM
1000projects Portfolio Management System Mca - Improper Access Control
CVSS 6.3
CVE-2024-47151 MEDIUM
Honor <version> - Code Injection
CVSS 6.3
CVE-2024-10584 MEDIUM
Designinvento Directorypress < 3.6.17 - Unrestricted File Upload
CVSS 5.4
CVE-2024-40695 HIGH
IBM Cognos Analytics - Code Injection
CVSS 8.0
CVE-2024-12700 HIGH
Unspecified - Code Injection
CVSS 8.8
CVE-2024-11984 HIGH
Corporate Training Management System <10.13 - Command Injection
CVSS 8.8
CVE-2024-56057 CRITICAL
Vibethemes Wordpress Learning Managem... - Unrestricted File Upload
CVSS 9.9
Details
Vulnerabilities: 4,014
Exploit Likelihood: Medium