CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,119 vulnerabilities with CWE-434
CVE-2024-48027
CRITICAL
xaraartech <1.0.2 - Unrestricted File Upload
CVSS 9.9
CVE-2024-47649
CRITICAL
THATplugin Iconize <= 1.2.4 - Unrestricted Upload of File with Dangerous Type
CVSS 9.1
CVE-2024-49257
CRITICAL
Azz Anonim Posting <= 0.9 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2024-8918
HIGH
File Manager Pro < 8.3.9 - Unauthenticated Limited JavaScript File Upload
CVSS 7.4
CVE-2024-8746
HIGH
File Manager Pro <8.3.9 - Info Disclosure
CVSS 7.5
CVE-2024-48782
CRITICAL
DYCMS Open-Source v2.0.9.41 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2024-48781
CRITICAL
Wanxing Technology Yitu Project Management Kirin Edition <2.3.6 - RCE
CVSS 9.8
CVE-2024-9975
MEDIUM
SourceCodester Drag and Drop Image Upload 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-9985
CRITICAL
Enterprise Cloud Database - Code Injection
CVSS 10.0
CVE-2024-9981
HIGH
FormosaSoft ee-class - PHP File Upload Inclusion Code Execution
CVSS 8.8
CVE-2024-9904
MEDIUM
07flycms < 1.2.0 - Unrestricted File Upload via pictureUpload Function
CVSS 4.7
CVE-2024-9903
MEDIUM
07flycms < 1.2.0 - Unrestricted File Upload via fileUpload Function
CVSS 4.7
CVE-2024-46088
CRITICAL
Zhejiang University Entersoft CRM <2024 - RCE
CVSS 9.8
CVE-2024-42640
CRITICAL
angular-base64-upload <v0.1.21 - RCE
CVSS 9.8
CVE-2024-9855
MEDIUM
07flycms 1.3.8 - Unrestricted File Upload via Module Plug-In Handler
CVSS 4.7
CVE-2024-9816
MEDIUM
Codezips Tourist Management System 1.0 - Unrestricted File Upload via Package Image Parameter
CVSS 4.7
CVE-2024-9815
MEDIUM
Codezips Tourist Management System 1.0 - Unrestricted File Upload via Package Image Parameter
CVSS 4.7
CVE-2024-9794
MEDIUM
Codezips Online Shopping Portal 1.0 - Unrestricted Upload of File with Dangerous Type via productimage1 Parameter
CVSS 6.3
CVE-2024-47423
HIGH
Adobe Framemaker <2020.6, 2022.4 - RCE
CVSS 7.8
CVE-2024-45137
HIGH
InDesign Desktop <19.4, 18.5.3 - RCE
CVSS 7.8
CVE-2024-45136
HIGH
Adobe InCopy < 18.5.4 - Unrestricted Upload of File with Dangerous Type
CVSS 7.8
CVE-2024-47823
CRITICAL
Livewire <2.12.7-3.5.2 - Code Injection
CVSS 9.8
CVE-2024-37179
HIGH
SAP BusinessObjects BI Platform - Authenticated Arbitrary File Read
CVSS 7.7
CVE-2024-47319
HIGH
Bit Apps Bit Form - Contact Form <2.13.10 - Code Injection
CVSS 8.0
CVE-2024-9417
MEDIUM
Hash Form - Drag & Drop Form Builder <= 1.1.9 - Unauthenticated File Upload via Misconfigured Extension Validation
CVSS 6.1
Details
Vulnerabilities: 4,119
Exploit Likelihood: Medium