CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2024-13138 (MEDIUM, CVSS 4.7): wangl1989 mysiteforme 1.0 - Unrestricted Upload
CVE-2024-13134 (MEDIUM, CVSS 6.3): ZeroWdd studentmanager 1.0 - Unrestricted Upload
CVE-2024-13133 (MEDIUM, CVSS 6.3): ZeroWdd studentmanager 1.0 - Unrestricted Upload
CVE-2024-55078 (CRITICAL, CVSS 9.8): WukongCRM-11.0-JAVA 11.3.3 - Arbitrary File Upload via /adminUser/updateImg
CVE-2024-56264 (MEDIUM, CVSS 6.6): Beee ACF City Selector <1.14.0 - RCE
CVE-2024-56249 (CRITICAL, CVSS 9.1): Webdeclic WPMasterToolKit <1.13.1 - Code Injection
CVE-2024-56829 (CRITICAL, CVSS 10.0): Huang Yaoshi Pharmaceutical <16.0 - File Upload
CVE-2024-56064 (CRITICAL, CVSS 10.0): Azzaroco WP SuperBackup <2.3.3 - Code Injection
CVE-2024-56046 (CRITICAL, CVSS 10.0): VibeThemes WPLMS < 1.9.9 - Unauthenticated Arbitrary File Upload
CVE-2024-13022 (MEDIUM, CVSS 6.3): Taisan Tarzan-cms 1.0.0 - Unrestricted Upload
CVE-2024-56508 (HIGH, CVSS 7.6): LinkAce < 1.15.6 - Unrestricted Upload of File with Dangerous Type via Import Bookmarks Functionality
CVE-2024-12956 (MEDIUM, CVSS 6.3): 1000 Projects Portfolio Management System MCA 1.0 - Unrestricted File Upload via ach_certy Argument
CVE-2024-12954 (MEDIUM, CVSS 6.3): 1000 Projects Portfolio Management System MCA 1.0 - Unrestricted File Upload via ach_certy Argument
CVE-2024-12953 (MEDIUM, CVSS 6.3): 1000 Projects Portfolio Management System MCA 1.0 - Unrestricted File Upload via /update_pd_process.php Profile Argument
CVE-2024-12951 (MEDIUM, CVSS 6.3): Portfolio Management System MCA 1.0 - Unrestricted File Upload via /add_personal_details.php
CVE-2024-47151 (MEDIUM, CVSS 6.3): Honor MagicOS 8.0.0.1-8.0.0.135 - Unrestricted File Upload Leading to Remote Code Execution
CVE-2024-10584 (MEDIUM, CVSS 5.4): DirectoryPress < 3.6.17 - Stored Cross-Site Scripting via SVG File Upload
CVE-2024-40695 (HIGH, CVSS 8.0): IBM Cognos Analytics - Code Injection
CVE-2024-12700 (HIGH, CVSS 8.8): Tibbo AggreGate Network Manager < 6.34.02 - Authenticated Unrestricted JSP File Upload
CVE-2024-11984 (HIGH, CVSS 8.8): Corporate Training Management System <10.13 - Command Injection
CVE-2024-56057 (CRITICAL, CVSS 9.9): VibeThemes WPLMS < 1.9.9.5.2 - Arbitrary File Upload
CVE-2024-56054 (CRITICAL, CVSS 9.1): VibeThemes WPLMS < 1.9.9.5.2 - Authenticated Arbitrary File Upload via Instructor Role
CVE-2024-56052 (CRITICAL, CVSS 9.9): VibeThemes WPLMS < 1.9.9.5.2 - Unauthenticated Arbitrary File Upload
CVE-2024-56050 (CRITICAL, CVSS 9.9): VibeThemes WPLMS < 1.9.9.5.3 - Unauthenticated Arbitrary File Upload
CVE-2024-55514 (MEDIUM, CVSS 6.3): Raisecom MSG1200 MSG2100E MSG2200 MSG2300 3.90 - Unauthenticated Arbitrary File Upload via /upload_sfmig.php