CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2024-51919 CRITICAL
Fancy Product Designer <6.4.3 - Upload of File with Dangerous Type
CVSS 9.0
CVE-2024-13333 HIGH
WordPress Advanced File Manager <5.2.13 - RCE
CVSS 7.5
CVE-2024-40513 MEDIUM
themesbrand Chatvia 5.3.2 - Remote Code Execution via User Profile Image Upload
CVSS 4.6
CVE-2024-13355 MEDIUM
WooCommerce: OrderConvo <13.2 - RCE/XSS
CVSS 5.4
CVE-2024-41454 MEDIUM
Process Maker pm4core-docker <4.1.21-RC7 - RCE
CVSS 6.5
CVE-2024-57761 HIGH
JeeWMS < 2025-01-01 - Arbitrary File Upload via parserXML() Method
CVSS 8.1
CVE-2024-48760 CRITICAL
GestioIP 3.5.7 - Remote Code Execution via Malicious File Upload
CVSS 9.8
CVE-2024-13171 HIGH
Ivanti Endpoint Manager < 2022 - Unauthenticated Remote Code Execution via Insufficient Filename Validation
CVSS 7.8
CVE-2024-46479 CRITICAL
Venki Supravizio BPM <= 18.0.1 - Authenticated Arbitrary File Upload and Remote Code Execution
CVSS 9.9
CVE-2024-42180 LOW
HCL MyXalytics - Unrestricted Upload of File with Dangerous Type
CVSS 1.6
CVE-2024-46210 HIGH
Redaxo CMS 5.17.1 - Arbitrary File Upload and Remote Code Execution via MediaPool Module
CVSS 7.2
CVE-2024-43662 MEDIUM
Iocharger AC <24120701 - File Upload
CVE-2024-43657 HIGH
Iocharger AC <24120701 - Command Injection
CVSS 8.8
CVE-2024-43656 HIGH
Iocharger AC model chargers <24120701 - Command Injection
CVSS 8.8
CVE-2024-13212 MEDIUM
SingMR HouseRent 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-13210 MEDIUM
donglight bookstore <1.0 - Unrestricted Upload
CVSS 4.7
CVE-2024-13201 MEDIUM
wander-chu SpringBoot-Blog 1.0 - Unrestricted Upload
CVSS 4.7
CVE-2024-13191 MEDIUM
ZeroWdd myblog 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-12854 HIGH
Garden Gnome Package <2.3.0 - Code Injection
CVSS 8.8
CVE-2024-12853 HIGH
Modula Image Gallery < 2.11.10 - Authenticated Arbitrary File Upload via Zip Functionality
CVSS 8.8
CVE-2024-53345 HIGH
Car Rental Management System <1.4 - Authenticated RCE
CVSS 8.8
CVE-2024-43243 CRITICAL
JobBoard Job listing <= 1.2.6 - Arbitrary File Upload
CVSS 10.0
CVE-2024-56828 CRITICAL
ChestnutCMS <= 1.5.0 - Unauthenticated Unrestricted File Upload via Avatar API
CVSS 9.8
CVE-2024-13145 MEDIUM
zhenfeng13 My-Blog 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-13144 MEDIUM
zhenfeng13 My-Blog 1.0 - Unrestricted Upload
CVSS 6.3