CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE | Severity | CVSS | Title
CVE-2024-7705 | MEDIUM | CVSS 4.7 | mwcms 1.0.0 - Unrestricted File Upload via Image Upload Component
CVE-2024-38530 | CRITICAL | CVSS 9.8 | Open eClass - Unrestricted RCE
CVE-2024-7694 | HIGH, KEV | CVSS 7.2 | ThreatSonar Anti-Ransomware < 3.5.0 - Authenticated Arbitrary File Upload and Remote Code Execution
CVE-2024-7399 | HIGH, KEV | CVSS 8.8 | Samsung MagicINFO 9 Server Remote Code Execution (CVE-2024-7399)
CVE-2024-41577 | CRITICAL | CVSS 9.8 | productinfoquick 1.0 - Remote Code Execution via Ueditor Crafted PNG Upload
CVE-2024-5226 | MEDIUM | CVSS 6.4 | Fuse Social Floating Sidebar <= 5.4.10 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVE-2024-6707 | HIGH | CVSS 8.8 | Web Server <version - Path Traversal
CVE-2024-41913 | HIGH | CVSS 8.8 | HP Poly Clariti Manager < 10.12.0.2_100 - Unrestricted Upload of File with Dangerous Type
CVE-2024-7506 | MEDIUM | CVSS 6.3 | Tailoring Management System 1.0 - Unrestricted File Upload via setlogo.php bgimg Parameter
CVE-2024-7500 | MEDIUM | CVSS 6.3 | Airline Reservation System 1.0 - Unrestricted File Upload via admin/admin_class.php img Argument
CVE-2024-7484 | HIGH | CVSS 7.2 | CRM Perks Forms < 1.1.3 - Authenticated Arbitrary File Upload via handle_uploaded_files Function
CVE-2024-6315 | HIGH | CVSS 8.8 | Blox Page Builder <1.0.65 - Code Injection
CVE-2024-7495 | MEDIUM | CVSS 6.3 | itsourcecode Laravel Accounting System 1.0 - Unrestricted File Upload via HomeController Image Parameter
CVE-2024-6117 | HIGH | CVSS 8.8 | Hamastar MeetingHub Paperless Meetings 2021 - Authenticated Arbitrary Command Execution via ASP File Upload
CVE-2024-7450 | MEDIUM | CVSS 6.3 | Placement Management System 1.0 - Unrestricted File Upload via resume_upload.php
CVE-2024-7257 | CRITICAL | CVSS 9.8 | YayExtra - WooCommerce Extra Product Options <1.3.7 - RCE
CVE-2024-7342 | LOW | CVSS 3.5 | Baidu UEditor < 1.4.3.3 - Unrestricted File Upload via /ueditor/php/controller.php
CVE-2024-34021 | MEDIUM | CVSS 6.8 | ELECOM Wireless LAN Routers - Command Injection
CVE-2024-7329 | MEDIUM | CVSS 6.3 | YouDianCMS 7 - Unrestricted File Upload via Image Upload Endpoint
CVE-2024-40645 | HIGH | CVSS 8.8 | FOG Project < 1.5.10.41 - Rebranding Image Upload Code Execution
CVE-2024-7277 | MEDIUM | CVSS 4.7 | restaurant_management_system - Unrestricted Upload of File with Dangerous Type via /admin/menu.php Image Parameter
CVE-2024-38529 | CRITICAL | CVSS 9.0 | Admidio < 4.3.10 - Remote Code Execution via Unrestricted PHP File Upload in Message Module
CVE-2024-7192 | MEDIUM | CVSS 6.3 | Society Management System 1.0 - Unrestricted File Upload via Student Image Parameter
CVE-2024-7189 | MEDIUM | CVSS 6.3 | Online Food Ordering System 1.0 - Unrestricted File Upload via editproduct.php Photo Parameter
CVE-2024-6366 | CRITICAL | CVSS 9.1 | User Profile Builder <3.11.8 - Info Disclosure
Details
Vulnerabilities 4,119
Exploit Likelihood Medium