CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,016 vulnerabilities with CWE-434
CVE-2024-43160 CRITICAL
BerqWP <1.7.6 - Code Injection
CVSS 10.0
CVE-2024-6823 HIGH
Media Library Assistant <3.18 - RCE
CVSS 8.8
CVE-2024-42375 MEDIUM
SAP BusinessObjects Business Intelligence - Code Injection
CVSS 4.3
CVE-2024-41731 LOW
SAP Business Objects Business Intelli... - Unrestricted File Upload
CVSS 3.1
CVE-2024-28166 LOW
SAP Business Objects Business Intelli... - Unrestricted File Upload
CVSS 3.7
CVE-2024-7706 MEDIUM
Mainwww Mwcms - Unrestricted File Upload
CVSS 4.7
CVE-2024-7705 MEDIUM
Mainwww Mwcms - Unrestricted File Upload
CVSS 4.7
CVE-2024-38530 CRITICAL
Open eClass - Unrestricted RCE
CVSS 9.8
CVE-2024-7694 HIGH KEV
Teamt5 Threatsonar Anti-ransomware < 3.5.0 - Unrestricted File Upload
CVSS 7.2
CVE-2024-7399 HIGH KEV
Samsung MagicINFO 9 Server Remote Code Execution (CVE-2024-7399)
CVSS 8.8
CVE-2024-41577 CRITICAL
productinfoquick v1.0 - RCE
CVSS 9.8
CVE-2024-5226 MEDIUM
Daniyalahmedk Fuse Social Floating Sidebar < 5.4.11 - XSS
CVSS 6.4
CVE-2024-6707 HIGH
Web Server <version - Path Traversal
CVSS 8.8
CVE-2024-41913 HIGH
HP Poly Clariti Manager < 10.12.0.2_100 - Unrestricted File Upload
CVSS 8.8
CVE-2024-7506 MEDIUM
Angeljudesuarez Tailoring Management System - Unrestricted File Upload
CVSS 6.3
CVE-2024-7500 MEDIUM
Angeljudesuarez Airline Reservation System - Unrestricted File Upload
CVSS 6.3
CVE-2024-7484 HIGH
Crmperks Crm Perks Forms < 1.1.4 - Unrestricted File Upload
CVSS 7.2
CVE-2024-6315 HIGH
Blox Page Builder <1.0.65 - Code Injection
CVSS 8.8
CVE-2024-7495 MEDIUM
Itsourcecode Laravel Accounting System - Unrestricted File Upload
CVSS 6.3
CVE-2024-6117 HIGH
Hamastar Meetinghub Paperless Meetings - Unrestricted File Upload
CVSS 8.8
CVE-2024-7450 MEDIUM
Angeljudesuarez Placement Management System - Unrestricted File Upload
CVSS 6.3
CVE-2024-7257 CRITICAL
YayExtra - WooCommerce Extra Product Options <1.3.7 - RCE
CVSS 9.8
CVE-2024-7342 LOW
Baidu Ueditor < 1.4.3.3 - Unrestricted File Upload
CVSS 3.5
CVE-2024-34021 MEDIUM
ELECOM Wireless LAN Routers - Command Injection
CVSS 6.8
CVE-2024-7329 MEDIUM
Youdiancms - Unrestricted File Upload
CVSS 6.3