CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2024-49652 CRITICAL
ReneeCussack 3D Work In Progress <1.0.3 - Unrestricted File Upload
CVSS 9.9
CVE-2024-10293 MEDIUM
ZZCMS 2023 - Unrestricted File Upload via Ebak_SetGotoPak Function
CVSS 6.3
CVE-2024-10292 MEDIUM
ZZCMS 2023 - Unrestricted Upload of File with Dangerous Type via ChangeTable.php savefilename Parameter
CVSS 6.3
CVE-2024-46482 HIGH
Ladybird Web Solution Faveo-Helpdesk <2.0.3 - RCE
CVSS 8.2
CVE-2024-10201 HIGH
Administrative Management System - RCE
CVSS 8.8
CVE-2024-49610 CRITICAL
Jack Zhu - Unrestricted Upload of File with Dangerous Type
CVSS 10.0
CVE-2024-49607 CRITICAL
Redwan Hilali WP Dropbox Dropins - Unrestricted Upload
CVSS 10.0
CVE-2024-49331 CRITICAL
Property Lot Management System < 4.2.38 - Unauthenticated Arbitrary File Upload
CVSS 9.9
CVE-2024-49330 CRITICAL
brx8r Nice Backgrounds <= 1.0 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2024-49329 CRITICAL
WP REST API FNS <= 1.0.0 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2024-49327 CRITICAL
Woostagram Connect <= 1.0.2 - Arbitrary File Upload
CVSS 10.0
CVE-2024-49326 CRITICAL
Affiliator <= 2.1.3 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2024-49324 CRITICAL
sovratec_case_management <= 1.0.0 - Arbitrary File Upload
CVSS 10.0
CVE-2024-49611 CRITICAL
Paxman Product Website Showcase - Unrestricted Upload
CVSS 10.0
CVE-2024-10161 MEDIUM
PHPGurukul Boat Booking System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-10120 HIGH
wfh45678 Radar <1.0.8 - Unrestricted Upload
CVSS 7.3
CVE-2024-49314 CRITICAL
JiangQie Free Mini Program <2.5.2 - Unrestricted File Upload
CVSS 10.0
CVE-2024-49291 CRITICAL
Gora Tech LLC Cooked Pro <1.8.0 - Upload of File with Dangerous Type
CVSS 10.0
CVE-2024-49398 HIGH
Elvaco CMe3100 1.12.1 - Unrestricted File Upload Code Execution
CVE-2024-48180 CRITICAL
ClassCMS <= 4.8 - Remote Code Execution via File Inclusion in nowView Method
CVSS 9.8
CVE-2024-49260 CRITICAL
Limb WordPress Gallery Plugin - Code Injection
CVSS 9.9
CVE-2024-49242 CRITICAL
Shafiq Digital Lottery <3.0.5 - RCE
CVSS 10.0
CVE-2024-49216 CRITICAL
Joshua Clayton Feed Comments <0.2.1 - RCE
CVSS 10.0
CVE-2024-48035 CRITICAL
Takayuki Imanishi ACF Images Search And Insert <1.1.4 - RCE
CVSS 9.9
CVE-2024-48034 CRITICAL
Fliperrr Team Creates 3D Flipbook, PDF Flipbook <1.2 - RCE
CVSS 9.9