CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. In practice the usual consequence is remote code execution: an attacker uploads a file with a server-side script extension (PHP, JSP, CFM and so on) into a location the web server will execute from, and the code runs on the next request, as most of the entries below show; when the uploaded file is only rendered rather than executed, the result is stored XSS instead (see CVE-2024-28147 below). The weakness is typically reachable when the extension or content type is checked only on the client, checked against a denylist rather than an allowlist, or not checked at all, and the file is stored under a client-controlled name beneath the web root.
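The following is an added example written for this page, not code from CWE or from any of the products listed below. It contrasts the CWE-434 pattern (a save routine that trusts the client-supplied filename) with a hardened upload path: an extension allowlist, a simple-name check that refuses double extensions, NUL bytes and traversal, a magic-byte check that the content matches the claimed type, and a server-chosen random storage name. The image allowlist, size limit, sample inputs and function names are assumptions made for the example.

```python
import os
import re
import secrets

# Constructed allowlist for an image-upload endpoint (an assumption for this
# example): canonical extension -> leading magic bytes the content must carry.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}

# A simple name: one base segment, one extension, no extra dots, no path
# separators, no NULs, no trailing spaces. Double extensions (shell.php.png)
# and embedded traversal fail this regex outright.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})")

MAX_BYTES = 5 * 1024 * 1024  # assumed limit for the example


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def vulnerable_target_path(upload_dir, filename):
    """The CWE-434 pattern: the client-supplied name decides what is written
    and where. Nothing stops shell.php from landing under the web root, and
    without even basename() the name can walk out of upload_dir."""
    return os.path.join(upload_dir, filename)


def validate_upload(filename, data, max_bytes=MAX_BYTES):
    """Return the canonical extension for an acceptable upload; raise otherwise.

    Cheap checks first (size, name), then content sniffing, so a hostile
    upload is rejected before anything touches disk."""
    if not data or len(data) > max_bytes:
        raise UploadRejected("empty or oversized upload")
    # Normalise Windows separators, then keep only the final path component.
    base = os.path.basename(filename.replace("\\", "/"))
    m = SAFE_NAME.fullmatch(base)
    if m is None:
        raise UploadRejected("filename is not a simple name.ext")
    ext = m.group(1).lower()
    if ext not in ALLOWED_TYPES:  # allowlist, never a denylist
        raise UploadRejected(f"extension .{ext} not allowed")
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match the extension")
    return ext


def is_acceptable(filename, data):
    """Boolean wrapper for callers that do not need the rejection reason."""
    try:
        validate_upload(filename, data)
        return True
    except UploadRejected:
        return False


def choose_stored_name(filename, data):
    """Server-chosen name: random token plus the validated extension. The
    client string is used only to derive the extension and is never written."""
    ext = validate_upload(filename, data)
    return f"{secrets.token_hex(16)}.{ext}"


def hardened_save(upload_dir, filename, data):
    """Write an accepted upload under a server-chosen name. upload_dir must be
    outside any path the web server executes scripts from (for example a
    directory served as static content with script handlers disabled)."""
    path = os.path.join(upload_dir, choose_stored_name(filename, data))
    with open(path, "wb") as f:
        f.write(data)
    return path


# Constructed sample inputs for a quick self-check.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + bytes(32)
PHP_SAMPLE = b"<?php system($_GET['c']); ?>"

if __name__ == "__main__":
    print(vulnerable_target_path("/var/www/html/uploads", "shell.php"))
    print(is_acceptable("photo.png", PNG_SAMPLE))       # True
    print(is_acceptable("shell.php", PHP_SAMPLE))       # False: not allowlisted
    print(is_acceptable("shell.php.png", PHP_SAMPLE))   # False: double extension
    print(is_acceptable("shell.png", PHP_SAMPLE))       # False: magic mismatch
    print(choose_stored_name("photo.png", PNG_SAMPLE))
```

The magic-byte check is necessary but not sufficient on its own: a file can carry a valid PNG header and PHP after it (a polyglot) and still pass. What closes the code-execution route is the combination of the extension allowlist, the server-chosen name and storing the file where the web server will never execute it; the content check mainly prevents the stored-XSS variant, where a browser sniffs an HTML or SVG payload served under an image name.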

4,119 vulnerabilities carry CWE-434. A sample of recent entries:
CVE             Severity  CVSS  Title
CVE-2024-37762  CRITICAL   9.9  MachForm < 21 - Authenticated Unrestricted File Upload leading to Remote Code Execution
CVE-2024-36987  MEDIUM     4.3  Splunk Enterprise < 9.2.2, < 9.1.5, < 9.0.10 & Splunk Cloud < 9.1.2312.200 - Authenticated File Upload
CVE-2024-3123   HIGH       7.2  CHANGING Mobile One Time Password 3.11-3.11.3 - Authenticated Unrestricted Upload of File with Dangerous Type
CVE-2024-6127   CRITICAL   9.8  PowerShellEmpire Arbitrary File Upload (Skywalker)
CVE-2024-6373   HIGH       7.3  itsourcecode Online Food Ordering System <1.0 - Unrestricted Upload
CVE-2024-6054   HIGH       8.8  Auto Featured Image < 1.2 - Authenticated Arbitrary File Upload via create_post_attachment_from_url Function
CVE-2024-35527  CRITICAL   9.8  FarCry Core < 7.2.14 - Arbitrary File Upload via /fileupload/upload.cfm
CVE-2024-5008   HIGH       8.8  WhatsUp Gold < 23.1.3 - Authenticated Remote Code Execution via AppProfileImportController
CVE-2024-4197   CRITICAL   9.9  Avaya IP Office < 11.1.3.1 - Remote Code Execution via One-X File Upload
CVE-2024-37228  CRITICAL  10.0  InstaWP Connect <= 0.1.0.38 - Unauthenticated Arbitrary File Upload
CVE-2024-24551  HIGH       8.8  Bludit < 3.15.0 - Authenticated Remote Code Execution via Image API File Upload
CVE-2024-24550  HIGH       8.1  Bludit 3.14.0-3.15.0 - Arbitrary File Upload to Code Execution
CVE-2024-6280   MEDIUM     6.3  SourceCodester Simple Online Bidding System 1.0 - Unrestricted Upload
CVE-2024-35767  CRITICAL   9.1  Squeeze < 1.4 - Unauthenticated Arbitrary File Upload
CVE-2024-28147  HIGH       7.4  edu-sharing <8.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19 - Arbitrary File Upload & Stored XSS via Collection Preview Image
CVE-2024-34990  CRITICAL  10.0  FME Modules for PrestaShop <2.4.0 - Code Injection
CVE-2024-33836  CRITICAL   9.8  JA Marketplace <9.0.1 - Code Injection
CVE-2024-22263  HIGH       8.8  Spring Cloud Data Flow - Path Traversal
CVE-2024-6132   HIGH       8.8  Pexels: Free Stock Photos <1.2.2 - File Upload
CVE-2024-5853   CRITICAL   9.9  Sirv < 7.2.7 - Authenticated Arbitrary File Upload via sirv_upload_file_by_chanks AJAX Action
CVE-2024-3229   CRITICAL   9.8  Salon Booking System < 10.3 - Unauthenticated Arbitrary File Upload via ImportAssistants Function
CVE-2024-2381   HIGH       8.8  AliExpress Dropshipping with AliNext Lite <= 3.3.5 - Authenticated Arbitrary File Upload via ajax_save_image Function
CVE-2024-6116   HIGH       7.3  Simple Online Hotel Reservation System 1.0 - Unrestricted File Upload via edit_room.php Photo Parameter
CVE-2024-6115   HIGH       7.3  Simple Online Hotel Reservation System 1.0 - Unrestricted File Upload via add_room.php Photo Parameter
CVE-2024-6114   HIGH       7.3  Monbela Tourist Inn Online Reservation System <= 1.0 - Arbitrary File Upload via Image Parameter