CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,119 vulnerabilities with CWE-434
CVE-2024-42767
HIGH
Kashipara Hotel Management System v1.0 - RCE
CVSS 7.2
CVE-2024-7384
HIGH
AcyMailing < 9.7.2 - Authenticated Arbitrary File Upload via acym_extractArchive
CVSS 7.5
CVE-2024-42780
HIGH
Kashipara Music Management System <1.0 - RCE
CVSS 8.8
CVE-2024-42779
HIGH
Kashipara Music Management System <1.0 - RCE
CVSS 8.8
CVE-2024-42778
HIGH
Kashipara Music Management System <1.0 - RCE
CVSS 8.8
CVE-2024-42777
CRITICAL
Kashipara Music Management System 1.0 - Signup PHP Upload Code Execution
CVSS 9.8
CVE-2024-42563
CRITICAL
jerryhanjj/erp < 2018-03-02 - Arbitrary File Upload and Remote Code Execution via HTML File
CVSS 9.8
CVE-2024-7944
MEDIUM
Laravel Property Management System 1.0 - Unrestricted File Upload via DocumentsController UpdateDocumentsRequest
CVSS 6.3
CVE-2024-7943
MEDIUM
Laravel Property Management System 1.0 - Unrestricted File Upload via PropertiesController.php
CVSS 6.3
CVE-2024-43249
CRITICAL
Bit Apps Bit Form Pro <2.6.4 - Command Injection
CVSS 9.9
CVE-2024-7917
MEDIUM
DouPHP 1.7 Release 20220822 - Unrestricted Upload of File with Dangerous Type via Favicon Handler
CVSS 4.7
CVE-2024-7910
MEDIUM
Online Railway Reservation System 1.0 - Unrestricted File Upload via Profile Photo Update Handler
CVSS 4.7
CVE-2024-7906
MEDIUM
DedeBIZ 6.3.0 - Unrestricted Upload of File with Dangerous Type via Attachment Settings
CVSS 6.3
CVE-2024-7905
MEDIUM
DedeBIZ 6.3.0 - Unrestricted Upload of File with Dangerous Type via AdminUpload Function
CVSS 6.3
CVE-2024-7904
MEDIUM
DedeBIZ 6.3.0 - Unrestricted Upload of File with Dangerous Type via upfile1 Parameter
CVSS 6.3
CVE-2024-7903
MEDIUM
DedeBIZ 6.3.0 - Unrestricted Upload of File with Dangerous Type via upfile1 Argument
CVSS 6.3
CVE-2024-42676
HIGH
Huizhi Enterprise Resource Management <1.0 - RCE
CVSS 8.8
CVE-2024-39397
CRITICAL
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Unrestricted Upload of File with Dangerous Type
CVSS 9.0
CVE-2024-4389
HIGH
Depicter Slider/Carousel <3.1.1 - RCE
CVSS 8.8
CVE-2024-43160
CRITICAL
BerqWP < 1.7.6 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2024-6823
HIGH
Media Library Assistant <3.18 - RCE
CVSS 8.8
CVE-2024-42375
MEDIUM
SAP BusinessObjects Business Intelligence - Code Injection
CVSS 4.3
CVE-2024-41731
LOW
SAP BusinessObjects Business Intelligence Platform - Authenticated Unrestricted Upload of File with Dangerous Type
CVSS 3.1
CVE-2024-28166
LOW
SAP BusinessObjects Business Intelligence Platform - Authenticated Unrestricted Upload of File with Dangerous Type
CVSS 3.7
CVE-2024-7706
MEDIUM
mwcms 1.0.0 - Unrestricted File Upload via uploadimage Function
CVSS 4.7
Details
Vulnerabilities: 4,119
Exploit Likelihood: Medium