CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,016 vulnerabilities with CWE-434
CVE-2024-11054 MEDIUM
Oretnom23 Simple Music Cloud Communit... - Improper Access Control
CVSS 6.3
CVE-2024-10801 CRITICAL
WordPress User Extra Fields <16.5 - RCE
CVSS 9.8
CVE-2024-10547 CRITICAL
WP Membership <1.6.2 - RCE
CVSS 9.8
CVE-2024-10627 CRITICAL
Vanquish Woocommerce Support Ticket System - Unrestricted File Upload
CVSS 9.8
CVE-2024-51152 HIGH
Alexstack Laravel Cms < 1.4.7 - Unrestricted File Upload
CVSS 7.2
CVE-2024-11000 MEDIUM
Codeastro Real Estate Management System - Improper Access Control
CVSS 4.7
CVE-2024-10999 MEDIUM
Codeastro Real Estate Management System - Improper Access Control
CVSS 4.7
CVE-2024-10994 MEDIUM
Codezips Online Institute Management System - Improper Access Control
CVSS 6.3
CVE-2024-10993 MEDIUM
Codezips Online Institute Management System - Improper Access Control
CVSS 6.3
CVE-2024-10668 HIGH
Google Quick Share < 1.0.2002.2 - Unrestricted File Upload
CVSS 7.5
CVE-2024-8615 CRITICAL
JobSearch WP Job Board <2.6.7 - File Upload
CVSS 10.0
CVE-2024-8614 CRITICAL
JobSearch WP Job Board <2.6.7 - RCE
CVSS 9.9
CVE-2024-9307 CRITICAL
Themelooks Mfolio < 1.2.1 - Unrestricted File Upload
CVSS 9.9
CVE-2024-10766 MEDIUM
Codezips Free Exam Hall Seating Manag... - Improper Access Control
CVSS 6.3
CVE-2024-10765 MEDIUM
Codezips Online Institute Management System - Improper Access Control
CVSS 6.3
CVE-2024-10764 MEDIUM
Codezips Online Institute Management System - Improper Access Control
CVSS 6.3
CVE-2024-50531 CRITICAL
Carrcommunications Rsvpmaker < 6.2.5 - Unrestricted File Upload
CVSS 10.0
CVE-2024-50530 CRITICAL
Myriadsolutionz Stars SMTP Mailer < 1.7 - Unrestricted File Upload
CVSS 9.9
CVE-2024-50529 CRITICAL
Rudrainnovative Training - Courses < 2.0.1 - Unrestricted File Upload
CVSS 9.9
CVE-2024-50527 CRITICAL
Stacksmarket Stacks Mobile App Builder - Unrestricted File Upload
CVSS 10.0
CVE-2024-50526 CRITICAL
Lindeni Multi Purpose Mail Form < 1.0.2 - Unrestricted File Upload
CVSS 10.0
CVE-2024-50525 CRITICAL
Helloprint < 2.0.2 - Unrestricted File Upload
CVSS 10.0
CVE-2024-50523 CRITICAL
Rainbow-link All Post Contact Form < 1.7.3 - Unrestricted File Upload
CVSS 10.0
CVE-2024-10392 CRITICAL
AI Power: Complete AI Pack <1.8.89 - File Upload
CVSS 9.8
CVE-2024-48734 HIGH
SAS Studio 9.4 - Unrestricted File Upload
CVSS 8.8
Details
Vulnerabilities 4,016
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits