CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2024-34440 CRITICAL
Jordy Meow AI Engine: ChatGPT Chatbot - Unrestricted Upload of File...
CVSS 9.1
CVE-2024-34416 CRITICAL
Pk Favicon Manager <2.1 - Unrestricted Upload
CVSS 9.1
CVE-2024-34411 CRITICAL
Thomas Scholl canvasio3D Light <2.5.0 - Unrestricted Upload
CVSS 9.9
CVE-2024-32700 CRITICAL
Kognetiks Chatbot for WordPress <2.0.0 - Unrestricted File Upload
CVSS 10.0
CVE-2024-31377 CRITICAL
J.N. Breetvelt a.k.a. OpaJaap WP Photo Album Plus - Unrestricted Up...
CVSS 10.0
CVE-2024-33120 CRITICAL
Roothub v2.5 - Arbitrary File Upload via CustomPath Parameter
CVSS 9.8
CVE-2024-4345 CRITICAL
Startklar Elementor Addons <1.7.13 - File Upload
CVSS 9.8
CVE-2024-33752 MEDIUM
emlog pro 2.3.0 and 2.3.2 - Arbitrary File Upload via Plugin Admin Interface
CVSS 6.3
CVE-2024-4500 MEDIUM
Prison Management System 1.0 - Unrestricted File Upload via Employee Photo Edit
CVSS 6.3
CVE-2024-33786 CRITICAL
Zhongcheng Kexin Ticketing Mgmt <20.04 - RCE
CVSS 9.8
CVE-2024-4033 HIGH
All-in-One Video Gallery plugin <3.6.4 - RCE
CVSS 8.8
CVE-2024-2667 CRITICAL
InstaWP Connect <= 0.1.0.22 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2024-1567 HIGH
Royal Elementor Addons < 1.3.95 - Unauthenticated File Upload via Missing Validation
CVSS 8.2
CVE-2024-4349 HIGH
Pisay Online E-Learning System 1.0 - Unrestricted File Upload via Lesson Controller
CVSS 7.3
CVE-2024-28269 HIGH
ReCrystallize Server <5.10.0.0 - RCE
CVSS 7.2
CVE-2024-33438 HIGH
CubeCart < 6.5.5 - Authenticated Arbitrary Code Execution via PHAR File Upload
CVSS 8.0
CVE-2024-4306 CRITICAL
HubBank 1.0.2 - Authenticated Unrestricted File Upload via Document Upload Fields
CVSS 9.9
CVE-2024-32880 CRITICAL
pyload < 0.5.0 - Authenticated Remote Code Execution via Template Upload
CVSS 9.1
CVE-2024-3962 CRITICAL
Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file
CVSS 9.8
CVE-2024-0916 CRITICAL
UvDesk Community 1.0.0-1.1.3 - Unauthenticated Remote Code Execution via File Upload
CVSS 10.0
CVE-2024-31610 MEDIUM
Code-Projects Simple School Management System 1.0 - Remote Code Execution via Avatar Upload
CVSS 6.3
CVE-2024-31615 CRITICAL
ThinkCMF 6.0.9 - Unrestricted File Upload via UeditorController.php
CVSS 9.8
CVE-2024-3508 MEDIUM
Trusted Profile Analyzer - Authenticated Unrestricted Upload of Compressed SBOM Files
CVSS 4.3
CVE-2024-32954 CRITICAL
Tribulant Newsletters <4.9.5 - Unrestricted Upload
CVSS 9.1
CVE-2024-32836 CRITICAL
WP Lab WP-Lister Lite for eBay <3.5.11 - Unrestricted Upload of Fil...
CVSS 9.1