CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2024-13882 (HIGH, CVSS 8.8): Aiomatic <= 2.3.8 - Authenticated Arbitrary File Upload via aiomatic_generate_featured_image
CVE-2024-13908 (HIGH, CVSS 7.2): SMTP by BestWebSoft <= 1.1.9 - Authenticated Arbitrary File Upload via save_options Function
CVE-2024-47259 (LOW, CVSS 3.5): AXIS OS 11.11.0-12.2.51 & <11.11.126 - Unauthenticated Command Injection via VAPIX API
CVE-2024-8425 (CRITICAL, CVSS 9.8): WooCommerce Ultimate Gift Card <2.6.0 - RCE
CVE-2024-41340 (HIGH, CVSS 8.4): Draytek Vigor Routers - Unauthenticated Arbitrary File Upload via APP Enforcement Module
CVE-2024-41339 (HIGH, CVSS 8.8): Draytek Vigor Routers - Unauthenticated Arbitrary File Upload via Configuration Upload Endpoint
CVE-2024-56897 (CRITICAL, CVSS 9.8): YI Car Dashcam <3.88 - Info Disclosure
CVE-2024-13869 (HIGH, CVSS 7.2): WPvivid Backup & Migration < 0.9.112 - Authenticated Arbitrary File Upload via upload_files Function
CVE-2024-10960 (CRITICAL, CVSS 9.9): Brizy < 2.6.5 - Authenticated Arbitrary File Upload via storeUploads Function
CVE-2024-13365 (CRITICAL, CVSS 9.8): Security & Malware scan by CleanTalk < 2.150 - Unauthenticated Arbitrary File Upload via ZIP Archive Extraction
CVE-2024-13714 (HIGH, CVSS 8.8): All-Images.ai - IA Image Bank <1.0.4 - RCE
CVE-2024-13544 (MEDIUM, CVSS 4.8): Zarinpal Paid Download < 2.3 - Authenticated Arbitrary File Upload
CVE-2024-13011 (CRITICAL, CVSS 9.8): WP Foodbakery <= 4.7 - Unauthenticated Arbitrary File Upload via upload_publisher_profile_image Function
CVE-2024-57408 (HIGH, CVSS 7.2): cool-admin-java 1.0 - Arbitrary File Upload via /comm/upload Endpoint
CVE-2024-57407 (HIGH, CVSS 7.3): Timo 2.0.3 - Arbitrary File Upload and Remote Code Execution via User Picture Component
CVE-2024-57668 (HIGH, CVSS 8.8): Code-projects Shopping Portal 1.0 - Unrestricted Upload of File with Dangerous Type via insert-product.php
CVE-2024-13723 (HIGH, CVSS 7.2): Checkmk NagVis - Admin PHP File Upload Code Execution
CVE-2024-57968 (CRITICAL, CVSS 9.9, KEV): Advantive VeraCore < 2024.4.2.1 - Authenticated Arbitrary File Upload via upload.aspx
CVE-2024-57450 (CRITICAL, CVSS 9.8): ChestnutCMS <= 1.5.0 - Unrestricted File Upload via Create Template Function
CVE-2024-55417 (MEDIUM, CVSS 4.3): DevDojo Voyager < 1.8.0 - Authenticated Arbitrary File Upload via Media Upload Endpoint
CVE-2024-13448 (CRITICAL, CVSS 9.8): ThemeREX Addons <2.32.3 - File Upload
CVE-2024-40693 (HIGH, CVSS 8.0): IBM Planning Analytics 2.0-2.1 - Code Injection
CVE-2024-25034 (HIGH, CVSS 8.0): IBM Planning Analytics <2.2 - Code Injection
CVE-2024-55926 (HIGH, CVSS 7.6): Xerox Workplace Suite - Info Disclosure
CVE-2024-13091 (CRITICAL, CVSS 9.8): WPBot Pro Wordpress Chatbot <13.5.4 - File Upload