CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2024-8232 HIGH
SpiderControl SCADA Web Server - File Upload
CVSS 7.5
CVE-2024-44871 HIGH
moziloCMS 3.0 - Unauthenticated Arbitrary File Upload via Admin Index
CVSS 7.2
CVE-2024-7770 HIGH
Bit File Manager < 6.5.6 - Authenticated Arbitrary File Upload via Missing File Type Validation
CVSS 8.8
CVE-2024-44849 CRITICAL
Qualitor <= 8.24 - Remote Code Execution via Arbitrary File Upload in checkAcesso.php
CVSS 9.8
CVE-2024-7620 MEDIUM
Customizer Export/Import < 0.9.7 - Authenticated Arbitrary File Upload via Missing File Type Validation
CVSS 6.6
CVE-2024-45171 HIGH
za-internet C-MOR Video Surveillance 5.2401 - Code Injection
CVSS 8.8
CVE-2024-8463 CRITICAL
PHPGurukul Job Portal 1.0 - Authenticated RCE
CVSS 9.9
CVE-2024-45076 CRITICAL
IBM webMethods Integration 10.15 - Code Injection
CVSS 9.9
CVE-2024-42991 HIGH
MCMS v5.4.1 - Unauthenticated Remote Code Execution via File Upload
CVSS 8.1
CVE-2024-8342 MEDIUM
SourceCodester Petshop Management System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-8341 MEDIUM
SourceCodester Petshop Management System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-8338 MEDIUM
HFO4 shudong-share 2.4.7 - Unrestricted Upload
CVSS 6.3
CVE-2024-8330 HIGH
6SHR system from Gether Technology - RCE
CVSS 8.8
CVE-2024-8296 MEDIUM
FeehiCMS <2.1.1 - Unrestricted Upload
CVSS 6.3
CVE-2024-8295 MEDIUM
FeehiCMS <2.1.1 - Unrestricted Upload
CVSS 6.3
CVE-2024-8294 MEDIUM
FeehiCMS <2.1.1 - Unrestricted Upload
CVSS 6.3
CVE-2024-6311 HIGH
Funnelforms Free <= 3.7.3.2 - Authenticated Arbitrary File Upload via af2_add_font Function
CVSS 7.2
CVE-2024-8170 LOW
SourceCodester Zipped Folder Manager App 1.0 - Unrestricted Upload
CVSS 3.5
CVE-2024-8166 MEDIUM
Ruijie EG2000K 11.1(6)B2 - Unrestricted Upload
CVSS 4.7
CVE-2024-7987 HIGH
Rockwell Automation ThinManager ThinServer - RCE
CVSS 7.8
CVE-2024-8164 MEDIUM
beikeshop < 1.5.5 - Unrestricted File Upload via FileManagerController rename Function
CVSS 6.3
CVE-2024-42523 HIGH
publiccms <V4.0.202302.e - Any File Upload
CVSS 7.2
CVE-2024-7559 HIGH
File Manager Pro < 8.3.7 - Authenticated Arbitrary File Upload via mk_file_folder_manager AJAX Action
CVSS 8.8
CVE-2024-8089 MEDIUM
SourceCodester E-Commerce System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-39717 HIGH KEV
Versa Director - Authenticated Unrestricted Upload of File with Dangerous Type via Favicon Customization
CVSS 7.2