CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2024-40550 HIGH
PublicCMS 4.0.202302.e - Template Metadata File Upload Code Execution
CVSS 8.8
CVE-2024-40549 HIGH
PublicCMS < 4.0.202302.e - Arbitrary File Upload and Remote Code Execution via /admin/cmsTemplate/savePlace
CVSS 8.8
CVE-2024-40548 HIGH
PublicCMS < 4.0.202302.e - Arbitrary File Upload via /admin/cmsTemplate/save
CVSS 8.8
CVE-2024-40546 HIGH
PublicCMS < 4.0.202302.e - Arbitrary File Upload via /admin/cmsWebFile/save
CVSS 8.8
CVE-2024-40545 HIGH
PublicCMS < 4.0.202302.e - Arbitrary File Upload via /admin/cmsWebFile/doUpload
CVSS 8.8
CVE-2024-38736 CRITICAL
Realtyna Organic IDX <4.14.13 - Code Injection
CVSS 9.1
CVE-2024-38734 CRITICAL
SpreadsheetConverter Import Spreadsheets from Microsoft Excel <10.1...
CVSS 9.1
CVE-2024-3112 MEDIUM
Quotes and Tips <1.45 - Privilege Escalation
CVSS 4.8
CVE-2024-5911 MEDIUM
Palo Alto Networks PAN-OS 10.1.0-10.1.8 - Authenticated Arbitrary File Upload
CVSS 4.9
CVE-2024-6647 MEDIUM
Croogo <4.0.7 - Unrestricted Upload
CVSS 4.7
CVE-2024-39865 HIGH
SINEMA Remote Connect Server < 3.2 SP1 - Unrestricted Upload of File with Dangerous Type via Backup Restore
CVSS 8.8
CVE-2024-37424 CRITICAL
Newspack Blocks < 3.0.8 - Arbitrary File Upload
CVSS 9.9
CVE-2024-37420 CRITICAL
WPZita Zita Elementor Site Library <1.6.1 - Code Injection
CVSS 9.9
CVE-2024-37418 CRITICAL
Church Admin <= 4.4.6 - Arbitrary File Upload
CVSS 9.9
CVE-2024-6314 CRITICAL
IQ Testimonials <2.2.7 - File Upload
CVSS 9.8
CVE-2024-6313 CRITICAL
Gutenberg Forms WordPress Plugin <= 2.2.9 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2024-6161 HIGH
Default Thumbnail Plus <1.0.2.3 - RCE
CVSS 8.8
CVE-2024-6123 HIGH
Bit Form plugin <2.13.3 - Code Injection
CVSS 7.2
CVE-2024-37555 CRITICAL
Generate PDF using Contact Form 7 <= 4.1.2 - Unrestricted Upload of File with Dangerous Type
CVSS 9.1
CVE-2024-5441 HIGH
Modern Events Calendar <= 7.11.0 - Arbitrary File Upload via set_featured_image Function
CVSS 8.8
CVE-2024-34692 LOW
SAP Enable Now - Authenticated Unrestricted Upload of Executable Files
CVSS 3.3
CVE-2024-27903 CRITICAL
OpenVPN < 2.5.10 - Unrestricted Plugin Upload via Untrusted Directory
CVSS 9.8
CVE-2024-6319 HIGH
IMGspider plugin <2.3.10 - Code Injection
CVSS 8.8
CVE-2024-6318 HIGH
IMGspider plugin <2.3.10 - File Upload
CVSS 8.8
CVE-2024-6439 MEDIUM
Home Owners Collection Management System 1.0 - Unrestricted File Upload via Users.php img Argument
CVSS 6.3