CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE | Severity | Title | CVSS
CVE-2024-6110 | HIGH | Magbanua Beach Resort Online Reservation System <= 1.0 - Unrestricted File Upload via Image Parameter | 7.3
CVE-2024-6084 | HIGH | Pool of Bethesda Online Reservation System <= 1.0 - Unrestricted File Upload via Image Parameter | 7.3
CVE-2024-6083 | MEDIUM | phpvibe 11.0.46 - Unrestricted Upload of File with Dangerous Type via Media Upload Page | 6.3
CVE-2024-34833 | CRITICAL | Sourcecodester Payroll Management System 1.0 - Unauthenticated Arbitrary File Upload via Image Upload | 9.8
CVE-2024-3912 | CRITICAL | ASUS Router - Remote Code Execution | 9.8
CVE-2024-31161 | HIGH | ASUS Download Master < 3.1.0.114 - Authenticated Arbitrary File Upload and Remote Code Execution | 7.2
CVE-2024-31777 | CRITICAL | openeclass < 3.15 - Remote Code Execution via certbadge.php File Upload | 9.8
CVE-2024-36396 | HIGH | Verint Workforce Optimization < 15.2.1030 - Unrestricted Upload of File with Dangerous Type | 8.8
CVE-2024-34110 | HIGH | Adobe Commerce <= 2.4.7 - Authenticated Arbitrary File Upload and Remote Code Execution | 7.2
CVE-2024-1659 | CRITICAL | MegaBIP <= 5.10 - Unauthenticated Arbitrary File Upload | 9.8
CVE-2024-34683 | MEDIUM | SAP Document Builder - Authenticated Unrestricted Upload of File with Dangerous Type | 6.5
CVE-2024-36415 | CRITICAL | SuiteCRM < 7.14.4 - Remote Code Execution via Unrestricted File Upload | 9.1
CVE-2024-35746 | CRITICAL | BuddyPress Cover < 2.1.4.2 - Unrestricted Upload of File with Dangerous Type | 10.0
CVE-2024-5745 | HIGH | Bakery Online Ordering System 1.0 - Unrestricted File Upload via Product Image Parameter | 7.3
CVE-2024-5734 | MEDIUM | Online Discussion Forum 1.0 - Unrestricted File Upload via Image Parameter in Poster | 6.3
CVE-2024-36774 | HIGH | Monstra CMS 3.0.4 - Arbitrary File Upload and Remote Code Execution via PHP File | 7.2
CVE-2024-5278 | MEDIUM | gaizhenbiao/chuanhuchatgpt < 20240919 - Unrestricted File Upload via Insufficient Validation in /upload Endpoint | 6.1
CVE-2024-37273 | CRITICAL | Jan v0.4.12 - Arbitrary File Upload via /v1/app/appendFileSync Interface | 9.8
CVE-2024-36858 | CRITICAL | Jan 0.4.12 - Arbitrary File Upload via writeFileSync | 9.8
CVE-2024-0757 | MEDIUM | WordPress Plugin < 4.3000000023 - Code Injection | 5.4
CVE-2024-29974 | CRITICAL | Zyxel NAS326 < V5.21(AAZF.17)C0 - RCE | 9.8
CVE-2024-29848 | HIGH | Ivanti Avalanche < 6.4.x - Command Injection | 7.2
CVE-2024-22060 | MEDIUM | Ivanti Neurons for ITSM - File Upload | 4.9
CVE-2024-5518 | MEDIUM | Online Discussion Forum 1.0 - Unrestricted File Upload via change_profile_picture.php Image Parameter | 6.3
CVE-2024-3412 | CRITICAL | WP STAGING WordPress Backup Plugin - File Upload | 9.1