CWE-434
Unrestricted Upload of File with Dangerous Type
Medium likelihood
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,119 vulnerabilities with CWE-434
CVE-2024-4960
MEDIUM
D-Link DAR-7000-40 V31R02B1413C - Unrestricted Upload
CVSS 6.3
CVE-2024-4946
MEDIUM
SourceCodester Online Art Gallery Management System 1.0 - Unrestric...
CVSS 6.3
CVE-2024-4945
MEDIUM
SourceCodester Best Courier Management System 1.0 - Unrestricted Up...
CVSS 4.3
CVE-2024-4927
HIGH
SourceCodester Simple Online Bidding System 1.0 - Unrestricted Upload
CVSS 7.3
CVE-2024-4923
MEDIUM
Codezips E-Commerce Site 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-4921
MEDIUM
SourceCodester Employee and Visitor Gate Pass Logging System 1.0 - ...
CVSS 6.3
CVE-2024-4920
HIGH
SourceCodester Online Discussion Forum Site 1.0 - Unrestricted Upload
CVSS 7.3
CVE-2024-4904
MEDIUM
Byzoro Smart S200 Management Platform <20240507 - Unrestricted Upload
CVSS 6.3
CVE-2024-34913
MEDIUM
technocking r-pan-scaffolding < 5.0 - Remote Code Execution via Crafted PDF Upload
CVSS 5.4
CVE-2024-34909
MEDIUM
kykms < 1.0.1 - Arbitrary File Upload via Crafted PDF File
CVSS 5.4
CVE-2024-34906
MEDIUM
dootask v0.30.13 - Arbitrary File Upload and Remote Code Execution via Crafted PDF File
CVSS 5.4
CVE-2024-3488
MEDIUM
OpenText iManager 3.0-3.2.6 - Unauthenticated Unrestricted File Upload
CVSS 5.6
CVE-2024-3483
HIGH
OpenText iManager 3.0-3.2.6 - Remote Code Execution via Insecure Deserialization
CVSS 7.8
CVE-2024-32002
CRITICAL
Git <2.45.1-2.39.4 - Code Injection
CVSS 9.0
CVE-2024-33006
CRITICAL
SAP NetWeaver ABAP Platform - Unauthenticated Dangerous File Upload
CVSS 9.6
CVE-2024-27945
HIGH
RUGGEDCOM CROSSBOW < 5.5 - Authenticated Unrestricted File Upload via Bulk Import Feature
CVSS 7.2
CVE-2024-27944
HIGH
RUGGEDCOM CROSSBOW < 5.5 - Authenticated Unrestricted Firmware Upload
CVSS 7.2
CVE-2024-27943
HIGH
RUGGEDCOM CROSSBOW < 5.5 - Authenticated Arbitrary File Upload and Remote Code Execution
CVSS 7.2
CVE-2024-4825
CRITICAL
Agentejo Cockpit < 2.7.0 - Arbitrary File Upload via Media API
CVSS 9.8
CVE-2024-4820
MEDIUM
Online Computer and Laptop Store 1.0 - Unrestricted File Upload via SystemSettings Update
CVSS 6.3
CVE-2024-4809
MEDIUM
Open Source Clinic Management System 1.0 - Unrestricted File Upload via Logo Parameter in setting.php
CVSS 6.3
CVE-2024-4681
MEDIUM
Campcodes Legal Case Management System 1.0 - Unrestricted File Upload via Favicon/Logo Parameter
CVSS 4.7
CVE-2024-4560
CRITICAL
Kognetiks Chatbot <1.9.9 - File Upload
CVSS 9.8
CVE-2024-4397
HIGH
LearnPress < 4.2.6.6 - Authenticated Arbitrary File Upload via save_post_materials Function
CVSS 8.8
CVE-2024-34555
CRITICAL
URBAN BASE Z-Downloads <1.11.3 - Unrestricted Upload
CVSS 10.0