CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2024-52429 CRITICAL
WP Quick Setup <= 2.0 - Unauthenticated Arbitrary File Upload via Plugin/Theme Installation
CVSS 9.9
CVE-2024-11315 CRITICAL
DVC 6.0-6.3 - Unauthenticated Path Traversal and Arbitrary File Write
CVSS 9.8
CVE-2024-11314 CRITICAL
DVC 6.0-<6.4 - Unauthenticated Path Traversal and Arbitrary File Write
CVSS 9.8
CVE-2024-11313 CRITICAL
DVC 6.0-6.3 - Unauthenticated Path Traversal and Arbitrary File Write
CVSS 9.8
CVE-2024-11312 CRITICAL
DVC 6.0-<6.4 - Unauthenticated Path Traversal and Arbitrary File Write
CVSS 9.8
CVE-2024-11311 CRITICAL
DVC 6.0-6.3 - Unauthenticated Path Traversal and Arbitrary File Write
CVSS 9.8
CVE-2024-52397 CRITICAL
Davor Zeljkovic Convert Docx2post <1.4 - RCE
CVSS 9.1
CVE-2024-52408 CRITICAL
PushAssist Push Notifications <3.0.8 - RCE
CVSS 9.9
CVE-2024-52407 CRITICAL
BasePress Migration Tools <= 1.0.0 - Unauthenticated Arbitrary File Upload
CVSS 9.9
CVE-2024-52406 CRITICAL
CSV to html <= 3.26 - Arbitrary File Upload
CVSS 9.9
CVE-2024-52405 CRITICAL
Bikram Joshi B-Banner Slider <1.1 - RCE
CVSS 9.9
CVE-2024-52404 CRITICAL
Bigfive CF7 Reply Manager <1.2.3 - Upload of File with Dangerous Type
CVSS 9.9
CVE-2024-52403 CRITICAL
WPExperts User Management <1.1 - RCE
CVSS 9.9
CVE-2024-52400 CRITICAL
Gallerio <= 1.01 - Arbitrary File Upload
CVSS 9.9
CVE-2024-52399 CRITICAL
Clarisse K. Writer Helper <3.1.6 - RCE
CVSS 9.9
CVE-2024-52398 CRITICAL
Halyra CDI <5.5.3 - Upload of File with Danger
CVSS 9.1
CVE-2024-8856 CRITICAL
WordPress WP Time Capsule Arbitrary File Upload to RCE
CVSS 9.8
CVE-2024-9849 HIGH
Real 3D FlipBook WordPress Plugin <4.6 - RCE
CVSS 8.8
CVE-2024-50652 MEDIUM
java_shop 1.0 - Unrestricted Upload of File with Dangerous Type via Avatar Function
CVSS 4.3
CVE-2024-52370 CRITICAL
Hive Support - WordPress Help Desk <1.1.1 - Code Injection
CVSS 9.9
CVE-2024-52369 CRITICAL
Optimal Access Inc. KBucket <4.1.6 - RCE
CVSS 9.9
CVE-2024-52384 CRITICAL
Sage AI <2.4.9 - Unrestricted File Upload
CVSS 9.9
CVE-2024-52380 CRITICAL
Picsmize <= 1.0.0 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2024-52379 CRITICAL
kineticPay for WooCommerce <= 2.0.8 - Arbitrary File Upload
CVSS 10.0
CVE-2024-52377 CRITICAL
BdThemes Instant Image Generator <1.5.4 - RCE
CVSS 10.0