CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2024-8743 (MEDIUM, CVSS 6.8): Bit File Manager < 6.5.7 - Authenticated Limited JavaScript File Upload via Improper File Type Validation
CVE-2024-37869 (HIGH, CVSS 8.8): Itsourcecode Online Discussion Forum 1.0 - Remote Code Execution via Unrestricted File Upload in poster.php
CVE-2024-37868 (HIGH, CVSS 8.8): Itsourcecode Online Discussion Forum 1.0 - Unauthenticated Arbitrary File Upload via sendreply.php
CVE-2024-47655 (HIGH, CVSS 8.8): Shilpi Client Dashboard < 9.7.0 - Authenticated Remote Code Execution via Unrestricted File Upload
CVE-2024-45965 (MEDIUM, CVSS 6.4): Contao 4.x < 4.13.54, 5.0.x-5.3.x < 5.3.30, 5.4.x-5.5.x < 5.5.6 - Cross-Site Scripting via SVG Upload
CVE-2024-7855 (HIGH, CVSS 8.8): WP Hotel Booking <= 2.1.2 - Authenticated Arbitrary File Upload via update_review()
CVE-2024-47528 (MEDIUM, CVSS 4.8): LibreNMS < 24.9.0 - Stored Cross-Site Scripting via Custom Map Background SVG Upload
CVE-2024-9108 (CRITICAL, CVSS 9.8): Wechat Social login plugin <1.3.0 - Code Injection
CVE-2024-46441 (HIGH, CVSS 8.8): YPay 1.2.0 - Arbitrary File Upload via ZIP Archive in Theme Upload
CVE-2024-9280 (MEDIUM, CVSS 4.7): kvf-admin up to f12a94dc - Unrestricted File Upload in FileUploadKit.java
CVE-2024-9278 (MEDIUM, CVSS 4.7): HuankeMao SCRM <0.0.3 - Unrestricted Upload
CVE-2024-47169 (HIGH, CVSS 8.8): agnai < 1.0.330 - Unauthenticated Arbitrary File Write via Path Traversal
CVE-2024-8725 (MEDIUM, CVSS 6.8): Advanced File Manager < 5.2.9 - Authenticated Arbitrary File Upload via Shortcode Plugin
CVE-2024-8126 (HIGH, CVSS 7.5): Advanced File Manager < 5.2.8 - Authenticated Arbitrary File Upload via class_fma_connector.php
CVE-2024-7772 (CRITICAL, CVSS 9.8): Jupiter X Core <= 4.6.5 - Unauthenticated Arbitrary File Upload via Mishandled File Type Validation
CVE-2024-8940 (CRITICAL, CVSS 10.0): Scriptcase 9.4.019 - Unrestricted Upload of File with Dangerous Type via jQuery-File-Upload POST Request
CVE-2024-46101 (CRITICAL, CVSS 9.8): GDidees CMS <= 3.9.1 - Unrestricted Upload of File with Dangerous Type
CVE-2024-9038 (MEDIUM, CVSS 4.3): Codezips Online Shopping Portal 1.0 - Unrestricted File Upload via insert-product.php
CVE-2024-9036 (MEDIUM, CVSS 6.3): Online Bookstore 1.0 - Unrestricted File Upload via admin_add.php Image Parameter
CVE-2024-40125 (CRITICAL, CVSS 9.8): Closed-Loop Technology CLESS Server 4.5.2 - Arbitrary File Upload and Remote Code Execution via Media Manager
CVE-2024-46377 (CRITICAL, CVSS 9.8): Best House Rental Management System 1.0 - Arbitrary File Upload via save_settings() Function
CVE-2024-46373 (HIGH, CVSS 8.8): dedecms V5.7.115 - Authenticated Arbitrary Code Execution via File Upload
CVE-2024-45398 (HIGH, CVSS 8.3): Contao <4.13.49, 5.3.15, 5.4.3 - Code Injection
CVE-2024-8242 (MEDIUM, CVSS 4.3): MStore API - WordPress <4.15.3 - File Upload
CVE-2024-27115 (CRITICAL, CVSS 9.8): SOPlanning - Remote Code Execution