CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2024-54285 CRITICAL
SeedProd Pro <= 6.18.10 - Unrestricted Upload of File with Dangerous Type
CVSS 9.1
CVE-2024-54370 CRITICAL
SuitePlugins Video & Photo Gallery <1.1.0 - Code Injection
CVSS 9.9
CVE-2024-12478 MEDIUM
InvoicePlane < 1.6.1 - Unrestricted File Upload via /index.php/upload/upload_file/1/1
CVSS 6.3
CVE-2024-9698 HIGH
Crafthemes Demo Import <3.3 - File Upload
CVSS 7.2
CVE-2024-54262 CRITICAL
Siddharth Nagar Import Export For WooCommerce <1.5 - RCE
CVSS 9.9
CVE-2024-9290 CRITICAL
Super Backup & Clone - Migrate <2.3.3 - RCE
CVSS 9.8
CVE-2024-12042 MEDIUM
MStore API < 4.16.4 - Authenticated Stored Cross-Site Scripting via Profile Picture Upload
CVSS 5.4
CVE-2024-10590 HIGH
Opt-In Downloads plugin for WordPress <4.07 - Command Injection
CVSS 8.8
CVE-2024-44220 MEDIUM
macOS < 14.7.2 and < 15.2 - Denial of Service via Malicious Video File Parsing
CVSS 5.5
CVE-2024-53677 CRITICAL
Apache Struts 2.0.0-6.3.9 - Path Traversal and Remote Code Execution via File Upload
CVSS 9.8
CVE-2024-47946 HIGH
Image Access Scan2Net 7.42 - Poweruser PHP Upload Code Execution
CVSS 7.2
CVE-2024-50625 HIGH
Digi ConnectPort LTS Firmware < 1.4.12 - Arbitrary File Upload via POST Request Path Manipulation
CVSS 8.0
CVE-2024-54918 CRITICAL
Kashipara E-learning Management System 1.0 - Remote Code Execution via File Upload in /teacher_avatar.php
CVSS 9.8
CVE-2024-53822 CRITICAL
Genetech Pie Register Premium <3.8.3.3 - Upload of File with Danger...
CVSS 10.0
CVE-2024-54214 CRITICAL
Roninwp Revy <= 1.18 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2024-53811 MEDIUM
POSIMYTH WDesignkit <= 1.0.40 - Arbitrary File Upload
CVSS 6.6
CVE-2024-10578 HIGH
Pubnews theme <1.0.7 - Privilege Escalation
CVSS 8.8
CVE-2024-12233 HIGH
Online Notice Board <= 1.0 - Unrestricted File Upload via Profile Picture Handler
CVSS 7.3
CVE-2024-51548 CRITICAL
ABB ASPECT <3.08.02, NEXUS Series <3.08.02, MATRIX Series <3.08.02 ...
CVSS 9.9
CVE-2024-53982 HIGH
ZOO-Project - Path Traversal in Echo Example File Caching
CVE-2024-40744 CRITICAL
Convert Forms < 4.4.8 - Unrestricted File Upload via Security Bypass
CVSS 9.8
CVE-2024-46625 HIGH
InfoDom Performa 365 4.0.1 - Authenticated Arbitrary File Upload via SVG File
CVSS 8.8
CVE-2024-25020 MEDIUM
IBM Cognos Controller <11.0.1 - Code Injection
CVSS 5.5
CVE-2024-53863 CRITICAL
Synapse < 1.120.1 - Unrestricted Upload of File with Dangerous Type via Dynamic Thumbnail Generation
CVSS 9.1
CVE-2024-40691 HIGH
IBM Cognos Controller 11.0.0-11.0.1 - Code Injection
CVSS 8.0
Details
Vulnerabilities 4,119
Exploit Likelihood Medium