CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
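The CVE titles below are almost all the same bug: an upload endpoint that keeps the client-supplied filename and never inspects the content, so a `.php` body is written into a web-served directory and executed on the next request. The following is an added example (not code from this page or from any of the listed products) that puts that vulnerable pattern next to a hardened image-upload handler. The filenames, sample bodies, size limit and allowlist are constructed for illustration.

```python
"""Added example (not from the page): a CWE-434 upload handler in its vulnerable
and hardened forms. Filenames, sample bytes and the storage layout are all
constructed for illustration."""
import secrets

# Only these image types are accepted. The extension allowlist and the content
# (magic-byte) check must both pass, and they must agree with each other.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 5 * 1024 * 1024  # hypothetical per-file limit

# Constructed sample uploads: (client-supplied filename, body bytes).
PHP_SHELL = b"<?php system($_GET['c']); ?>"
SAMPLE_UPLOADS = [
    ("avatar.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 64),       # legitimate
    ("shell.php", PHP_SHELL),                                 # classic webshell
    ("shell.php.png", PHP_SHELL),                             # double extension, wrong content
    ("../../wp-config.php", PHP_SHELL),                       # traversal in the name
    (".htaccess", b"AddType application/x-httpd-php .png\n"), # server-config drop
    ("logo.PnG", b"GIF89a" + b"\x00" * 16),                   # extension/content mismatch
]


class UploadRejected(ValueError):
    """Raised by the hardened handler when an upload fails validation."""


def vulnerable_store_name(client_filename: str, data: bytes) -> str:
    """The CWE-434 pattern: trust the client name, never look at the content.
    'shell.php' lands in the upload directory under that name and the web
    server executes it on the next request to /uploads/shell.php."""
    return client_filename


def hardened_store_name(client_filename: str, data: bytes) -> str:
    """Accept only allowlisted image types whose bytes match the claimed type,
    then throw the client name away: the file is stored under a random name
    with a server-chosen extension, so nothing attacker-controlled reaches
    the filesystem path."""
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or oversized upload")
    # Basename only, so '../../wp-config.php' cannot escape the upload dir.
    base = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    if "." not in base or base.startswith("."):
        raise UploadRejected(f"no usable extension: {client_filename!r}")
    ext = base.rsplit(".", 1)[1].lower()  # the final extension decides the type
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension not allowlisted: .{ext}")
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected(f"content does not match .{ext}")
    ext = "jpg" if ext == "jpeg" else ext
    # 128-bit random name: unguessable, and never derived from client input.
    return f"{secrets.token_hex(16)}.{ext}"


def check_upload(client_filename: str, data: bytes) -> tuple[bool, str]:
    """Wrapper returning (accepted, stored_name_or_rejection_reason)."""
    try:
        return True, hardened_store_name(client_filename, data)
    except UploadRejected as e:
        return False, str(e)


if __name__ == "__main__":
    for name, body in SAMPLE_UPLOADS:
        ok, info = check_upload(name, body)
        print(f"{name!r:24} vulnerable -> {vulnerable_store_name(name, body)!r:24} "
              f"hardened -> {'stored as ' + info if ok else 'REJECTED: ' + info}")
```

Two caveats a reviewer should keep in mind. The magic-byte check does not stop a polyglot (a valid PNG header followed by PHP), so the extension and random name only help if the upload directory is also outside the web root or has no script handler and is served with `X-Content-Type-Options: nosniff`; re-encoding the image with an imaging library before storage removes the trailing payload as well. And the check must run on the server for every upload path, including the "guest update" and "room add" style endpoints named in the list below, not just the obvious media form.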

4,119 vulnerabilities with CWE-434
CVE-2024-50473 CRITICAL
Ajar in5 Embed <= 3.1.3 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2024-50427 CRITICAL
SurveyJS: Drag & Drop WordPress Form Builder <= 1.9.136 - Unrestricted File Upload
CVSS 9.9
CVE-2024-50420 CRITICAL
aDirectory <= 1.3 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2024-50494 CRITICAL
Amin Omer Sudan Payment Gateway for WooCommerce <1.2.2 - RCE
CVSS 10.0
CVE-2024-50493 CRITICAL
Automatic Translation <= 1.0.4 - Arbitrary File Upload
CVSS 10.0
CVE-2024-50484 CRITICAL
mahlamusa Multi Purpose Mail Form <1.0.2 - RCE
CVSS 10.0
CVE-2024-50482 CRITICAL
Chetan Khandla Woocommerce Product Design <1.0.0 - Code Injection
CVSS 10.0
CVE-2024-50480 CRITICAL
azexo Marketing Automation <1.27.80 - RCE
CVSS 9.9
CVE-2024-50496 CRITICAL
webandprint AR For WordPress <= 6.6 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2024-50495 CRITICAL
Plugin Propagator <= 0.1 - Arbitrary File Upload
CVSS 10.0
CVE-2024-48594 HIGH
Prison Management System 1.0 - Remote Code Execution via File Upload
CVSS 8.8
CVE-2024-50623 CRITICAL KEV
Cleo Harmony, VLTrader, and LexiCom < 5.8.0.21 - Unrestricted File Upload and Remote Code Execution
CVSS 9.8
CVE-2024-10420 MEDIUM
SourceCodester Attendance and Payroll System 1.0 - Unrestricted File Upload via Image Parameter in Guest Update
CVSS 6.3
CVE-2024-10413 MEDIUM
Online Hotel Reservation System 1.0 - Unrestricted Upload of File with Dangerous Type via Guest Update Image Parameter
CVSS 6.3
CVE-2024-10410 MEDIUM
Online Hotel Reservation System 1.0 - Unrestricted File Upload via Image Parameter in Room Add Function
CVSS 6.3
CVE-2024-9932 CRITICAL
Wux Blog Editor <3.0.0 - File Upload
CVSS 9.8
CVE-2024-37847 HIGH
MangoOS < 5.1.4 and Mango API < 4.5.5 - Arbitrary File Upload and Remote Code Execution
CVSS 8.8
CVE-2024-45263 HIGH
GL-iNet Firmware - Unrestricted File Upload via ovpn_upload Interface
CVSS 8.8
CVE-2024-48454 HIGH
SourceCodester Purchase Order Management System 1.0 - Unauthenticated Remote Code Execution via File Upload
CVSS 7.2
CVE-2024-49676 MEDIUM
Michael Bourne Custom Icons for Elementor <0.3.3 - RCE
CVSS 6.6
CVE-2024-49671 CRITICAL
Dogu Pekgoz AI Image Generator <1.1.8 - RCE
CVSS 9.9
CVE-2024-49669 CRITICAL
Alexander De Ridder INK Official <4.1.2 - RCE
CVSS 9.9
CVE-2024-49668 CRITICAL
Verbalize WP <= 1.0 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2024-49658 CRITICAL
Ecomerciar Woocommerce Custom Profile Picture <1.0 - RCE
CVSS 9.9
CVE-2024-49653 CRITICAL
Portfolleo <= 1.2 - Unauthenticated Arbitrary File Upload
CVSS 9.9