CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2024-25019 (MEDIUM, CVSS 5.5): IBM Cognos Controller 11.0.0-11.0.1 - Code Injection
CVE-2024-11391 (HIGH, CVSS 7.5): Advanced File Manager <5.2.10 - RCE
CVE-2024-53564 (LOW, CVSS 2.2): FreePBX 17.0.19.17 - Unrestricted Upload of File with Dangerous Type
CVE-2024-52476 (CRITICAL, CVSS 10.0): stefanbohacek Fediverse Embeds <1.5.3 - RCE
CVE-2024-11979 (CRITICAL, CVSS 9.8): Interinfo DreamMaker < 2024/09/26 - Unauthenticated Path Traversal and Arbitrary File Upload
CVE-2024-11971 (LOW, CVSS 3.5): Guizhou Xiaoma Technology jpress 5.1.2 - XSS
CVE-2024-52490 (CRITICAL, CVSS 10.0): Pathomation <2.5.1 - Code Injection
CVE-2024-11082 (CRITICAL, CVSS 9.9): Tumult Hype Animations <1.9.15 - RCE
CVE-2024-8066 (HIGH, CVSS 7.5): File Manager Pro - Filester <= 1.8.6 - Authenticated Arbitrary File Upload via fsConnector Function
CVE-2024-53619 (MEDIUM, CVSS 6.3): SPIP 4.3.3 - Authenticated Arbitrary File Upload via Crafted PDF
CVE-2024-9504 (HIGH, CVSS 7.2): Booking calendar, Appointment Booking System <= 3.2.15 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
CVE-2024-11674 (MEDIUM, CVSS 6.3): CodeAstro Hospital Management System 1.0 - Unrestricted Upload
CVE-2024-11661 (MEDIUM, CVSS 4.3): Free Exam Hall Seating Management System 1.0 - Unrestricted File Upload in Profile Image Handler
CVE-2024-9942 (CRITICAL, CVSS 9.8): WPGYM - Wordpress Gym Management System <67.1.0 - File Upload
CVE-2024-9660 (HIGH, CVSS 8.8): School Management System for Wordpress < 91.5.0 - Arbitrary File Upload via mj_smgt_load_documets
CVE-2024-9659 (CRITICAL, CVSS 9.8): School Management System for Wordpress <= 91.5.0 - Unauthenticated Arbitrary File Upload
CVE-2024-51366 (CRITICAL, CVSS 9.8): OmegaT 6.0.1 - Arbitrary File Upload via Crafted .conf File
CVE-2024-51364 (HIGH, CVSS 8.8): ModbusMechanic v3.0 - Code Injection
CVE-2024-8525 (CRITICAL, CVSS not listed): Automated Logic WebCTRL 7.0 - Command Injection
CVE-2024-52677 (CRITICAL, CVSS 9.8): hkcms <= 2.3.2.240702 - Unrestricted Upload of File with Dangerous Type via getFileName Method
CVE-2024-52769 (HIGH, CVSS 7.2): DedeBIZ 6.3.0 - Arbitrary File Upload and Remote Code Execution via Friendlink Edit Component
CVE-2024-51208 (HIGH, CVSS 7.2): Boat Booking System 1.0 - Unrestricted File Upload via Image Upload Mechanism
CVE-2024-11404 (MEDIUM, CVSS 5.5): django-filer < 3.3.0 - Unrestricted File Upload and Stored Cross-Site Scripting
CVE-2024-51743 (HIGH, CVSS 8.8): Markus < 2.4.8 - Authenticated Arbitrary File Write via File Upload Methods
CVE-2024-51499 (HIGH, CVSS 8.8): Markus < 2.4.8 - Authenticated Arbitrary File Write via SubmissionsController update_files