CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,016 vulnerabilities with CWE-434
CVE-2024-2599 CRITICAL
Amss++ - Unrestricted File Upload
CVSS 9.9
CVE-2024-27957 CRITICAL
Genetechsolutions Pie Register < 3.8.3.3 - Unrestricted File Upload
CVSS 10.0
CVE-2024-2565 MEDIUM
Pandax < 2024-03-10 - Unrestricted File Upload
CVSS 6.3
CVE-2024-2561 MEDIUM
74cms - Unrestricted File Upload
CVSS 6.3
CVE-2024-2531 MEDIUM
Magesh-k21 Online-college-event-hall-... - Unrestricted File Upload
CVSS 6.3
CVE-2024-2529 MEDIUM
Magesh-k21 Online-college-event-hall-... - Unrestricted File Upload
CVSS 6.3
CVE-2024-26503 CRITICAL
Openeclass < 3.15 - Unrestricted File Upload
CVSS 9.1
CVE-2024-28425 HIGH
Linkedin Greykite - Unrestricted File Upload
CVSS 7.5
CVE-2024-28423 CRITICAL
Feluelle Airflow-diagrams - Unrestricted File Upload
CVSS 9.8
CVE-2024-28418 MEDIUM
Webedition Cms - Unrestricted File Upload
CVSS 6.5
CVE-2024-0800 HIGH
Arcserve Unified Data Protection <9.2-8.1 - Path Traversal
CVSS 8.8
CVE-2024-1311 HIGH
Brizy < 2.4.41 - Unrestricted File Upload
CVSS 8.8
CVE-2024-2406 MEDIUM
Gacjie Server <1.0 - Unrestricted Upload
CVSS 5.4
CVE-2024-1527 CRITICAL
Cmsmadesimple Cms Made Simple - Unrestricted File Upload
CVSS 9.8
CVE-2024-2394 MEDIUM
Walterjnr1 Employee Management System - Unrestricted File Upload
CVSS 4.7
CVE-2024-25994 MEDIUM
Phoenixcontact Charx Sec-3000 Firmware - Unrestricted File Upload
CVSS 5.3
CVE-2024-2268 MEDIUM
keerti1924 Online-Book-Store-Website 1.0 - Unrestricted Upload
CVSS 4.7
CVE-2024-1986 HIGH
Booster Elite for WooCommerce <7.1.7 - RCE
CVSS 8.8
CVE-2024-27733 HIGH
Byzro Network Smart s42 - RCE
CVSS 7.7
CVE-2024-2148 MEDIUM
Oretnom23 Online Mobile Store Management System - Unrestricted File Upload
CVSS 6.3
CVE-2024-27747 CRITICAL
Petrol Pump Management Software <1.0 - RCE
CVSS 9.8
CVE-2024-2059 MEDIUM
Mayurik Petrol Pump Management - Unrestricted File Upload
CVSS 4.7
CVE-2024-2058 MEDIUM
Mayurik Petrol Pump Management - Unrestricted File Upload
CVSS 4.7
CVE-2024-0864 CRITICAL
Laragon - RCE
CVSS 9.8
CVE-2024-1468 HIGH
Theme-fusion Avada < 7.11.5 - Unrestricted File Upload
CVSS 8.8
Details
Vulnerabilities 4,016
Exploit Likelihood Medium