CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2024-10999 MEDIUM
CodeAstro Real Estate Management System 1.0 - Unrestricted File Upload via About Us Page aimage Parameter
CVSS 4.7
CVE-2024-10994 MEDIUM
Codezips Online Institute Management System 1.0 - Unrestricted File Upload via /edit_user.php Image Parameter
CVSS 6.3
CVE-2024-10993 MEDIUM
Codezips Online Institute Management System 1.0 - Unrestricted File Upload via Website Image Parameter
CVSS 6.3
CVE-2024-10668 HIGH
Google Quick Share < 1.0.2002.2 - Unauthenticated Unrestricted File Upload via Duplicate Payload Transfer Frame
CVSS 7.5
CVE-2024-8615 CRITICAL
JobSearch WP Job Board <2.6.7 - File Upload
CVSS 10.0
CVE-2024-8614 CRITICAL
JobSearch WP Job Board <2.6.7 - RCE
CVSS 9.9
CVE-2024-9307 CRITICAL
mFolio Lite < 1.2.1 - Authenticated Arbitrary File Upload via Missing Capability Check
CVSS 9.9
CVE-2024-10766 MEDIUM
Free Exam Hall Seating Management System 1.0 - Unrestricted File Upload via Image Argument in save_user.php
CVSS 6.3
CVE-2024-10765 MEDIUM
Codezips Online Institute Management System <= 1.0 - Unrestricted File Upload via Profile Image Parameter
CVSS 6.3
CVE-2024-10764 MEDIUM
Codezips Online Institute Management System 1.0 - Unrestricted File Upload via Image Parameter in save_user.php
CVSS 6.3
CVE-2024-50531 CRITICAL
RSVPMaker for Toastmasters <= 6.2.4 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2024-50530 CRITICAL
Stars SMTP Mailer <= 2.2.1 - Unauthenticated Arbitrary File Upload
CVSS 9.9
CVE-2024-50529 CRITICAL
Training - Courses < 2.0.1 - Unauthenticated Arbitrary File Upload
CVSS 9.9
CVE-2024-50527 CRITICAL
Stacks Mobile App Builder <= 5.2.3 - Arbitrary File Upload
CVSS 10.0
CVE-2024-50526 CRITICAL
Multi Purpose Mail Form <= 1.0.2 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2024-50525 CRITICAL
helloprint < 2.0.4 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2024-50523 CRITICAL
All Post Contact Form <= 1.8.2 - Unrestricted Upload of File with Dangerous Type
CVSS 10.0
CVE-2024-10392 CRITICAL
AI Power: Complete AI Pack <1.8.89 - File Upload
CVSS 9.8
CVE-2024-48734 HIGH
SAS Studio 9.4 - Unrestricted File Upload
CVSS 8.8
CVE-2024-48093 HIGH
Operately 0.1.0 - Authenticated Remote Code Execution via Unrestricted File Upload in Discussions Tab
CVSS 8.0
CVE-2024-48202 CRITICAL
icecms <= 3.4.7 - Unrestricted File Upload in FileUtils.java
CVSS 9.8
CVE-2024-48646 HIGH
Sage 1000 v7.0.0 - Authenticated Unrestricted File Upload
CVSS 8.1
CVE-2024-50511 CRITICAL
WP donimedia carousel <= 1.0.1 - Unauthenticated Arbitrary File Upload
CVSS 9.9
CVE-2024-50510 CRITICAL
Web and Print Design AR For Woocommerce <6.2 - RCE
CVSS 10.0
CVE-2024-7985 HIGH
FileOrganizer - WordPress File Manager <= 1.0.9 - Authenticated Arbitrary File Upload via fileorganizer_ajax_handler
CVSS 7.5