CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2024-42054 (MEDIUM, CVSS 5.4): Cervantes through 0.5-alpha - Unrestricted Upload of File with Dangerous Type
CVE-2024-6431 (HIGH, CVSS 8.8): Media.net Ads Manager <2.10.13 - RCE
CVE-2024-40318 (HIGH, CVSS 7.2): Webkul Qloapps <1.6.0.0 - Code Injection
CVE-2024-6756 (HIGH, CVSS 8.8): Social Auto Poster < 5.3.14 - Authenticated Arbitrary File Upload via wpw_auto_poster_get_image_path
CVE-2024-6828 (HIGH, CVSS 7.2): Redux Framework <4.4.17 - XSS/Code Injection
CVE-2024-6958 (MEDIUM, CVSS 6.3): itsourcecode University Management System 1.0 - Unrestricted File Upload via Avatar File Handler
CVE-2024-6948 (MEDIUM, CVSS 6.3): Gargaj wuhu < 2024-02-10 - Unrestricted File Upload via Slide Editor
CVE-2024-6945 (MEDIUM, CVSS 6.3): Flute CMS 0.2.2.4-alpha - Unrestricted File Upload via Avatar Parameter
CVE-2024-40400 (HIGH, CVSS 8.8): Automad 2.0.0 - Arbitrary File Upload and Remote Code Execution via Image Upload Function
CVE-2024-3242 (HIGH, CVSS 8.8): Brizy < 2.4.45 - Authenticated Arbitrary File Upload via validateImageContent Function
CVE-2024-20296 (MEDIUM, CVSS 4.7): Cisco Identity Services Engine - Authenticated Arbitrary File Upload
CVE-2024-27311 (MEDIUM, CVSS 5.5): Zohocorp ManageEngine DDI Central <4001 - Path Traversal
CVE-2024-31411 (HIGH, CVSS 8.8): Apache StreamPipes <= 0.93.0 - Authenticated Unrestricted Upload of File with Dangerous Type
CVE-2024-6220 (CRITICAL, CVSS 9.8): Keydatas < 2.5.2 - Unauthenticated Arbitrary File Upload via keydatas_downloadImages Function
CVE-2024-6801 (MEDIUM, CVSS 6.3): Online Student Management System 1.0 - Unrestricted File Upload via Image Parameter
CVE-2024-6595 (LOW, CVSS 3.0): GitLab CE/EE <16.11.6/<17.0.4/<17.1.2 - Info Disclosure
CVE-2024-40394 (CRITICAL, CVSS 9.8): Simple Library Management System <1.0 - File Upload
CVE-2024-40425 (CRITICAL, CVSS 9.8): Nanjing Xingyuantu Technology Co Sparkshop <1.1.6 - RCE
CVE-2024-40555 (MEDIUM, CVSS 5.3): Tmall_demo v2024.07.03 - File Upload
CVE-2024-40553 (MEDIUM, CVSS 4.9): Tmall_demo v2024.07.03 - File Upload
CVE-2024-5630 (HIGH, CVSS 8.8): Articulate Content WordPress Plugin <4.3000000024 - Author PHP Upload Code Execution
CVE-2024-6730 (MEDIUM, CVSS 6.3): Nanjing Xingyuantu Technology SparkShop <1.1.6 - Unrestricted Upload
CVE-2024-5450 (CRITICAL, CVSS 9.1): Bug Library WordPress Plugin < 2.1.1 - Unauthenticated Arbitrary File Upload
CVE-2024-5080 (HIGH, CVSS 8.8): wp-eMember < 10.6.6 - Authenticated Arbitrary File Upload
CVE-2024-40551 (HIGH, CVSS 8.8): PublicCMS < 4.0.202302.e - Arbitrary File Upload via /admin/cmsTemplate/doUpload