CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,016 vulnerabilities with CWE-434
CVE-2024-25832 HIGH
F-logic Datacube3 - Unrestricted File Upload
CVSS 8.8
CVE-2024-24146 MEDIUM
Libming - Memory Leak
CVSS 6.5
CVE-2024-23946 MEDIUM
Apache Ofbiz < 18.12.12 - Path Traversal
CVSS 5.3
CVE-2024-25869 HIGH
Codeastro Membership Management System - Unrestricted File Upload
CVSS 8.8
CVE-2024-1932 MEDIUM
freescout-helpdesk/freescout - File Injection
CVSS 4.8
CVE-2024-25846 CRITICAL
Simpleimportproduct < 6.7.0 - Unrestricted File Upload
CVSS 9.1
CVE-2024-1925 MEDIUM
Ctcms 2.1.2 - Unrestricted Upload
CVSS 5.0
CVE-2024-1921 MEDIUM
osuuu LightPicture <1.2.2 - Unrestricted Upload
CVSS 4.7
CVE-2024-1918 MEDIUM
Byzoro Smart S42 Management Platform <20240219 - Unrestricted Upload
CVSS 4.7
CVE-2024-25925 CRITICAL
Sysbasics Easy Checkout Field Editor - Unrestricted File Upload
CVSS 10.0
CVE-2024-25913 CRITICAL
Skymoonlabs Moveto < 6.2 - Unrestricted File Upload
CVSS 10.0
CVE-2024-25909 CRITICAL
Joomunited WP Media Folder < 5.7.3 - Unrestricted File Upload
CVSS 9.9
CVE-2024-25410 MEDIUM
flusity-CMS <2.33 - Unrestricted Upload of File with Dangerous Type
CVSS 6.5
CVE-2024-24714 HIGH
Icons Font Loader <1.1.4 - Unrestricted Upload
CVSS 7.2
CVE-2024-1875 MEDIUM
Razormist Complaint Management System - Unrestricted File Upload
CVSS 6.3
CVE-2024-1819 MEDIUM
Codeastro Membership Management System - Unrestricted File Upload
CVSS 4.7
CVE-2024-1818 MEDIUM
Codeastro Membership Management System - Unrestricted File Upload
CVSS 4.7
CVE-2024-25802 CRITICAL
Skinsoft S-museum - Unrestricted File Upload
CVSS 9.8
CVE-2024-22393 CRITICAL
Apache Answer <1.2.1 - DoS
CVSS 9.1
CVE-2024-27283 HIGH
Veritas eDiscovery Platform <10.2.5 - Path Traversal
CVSS 7.2
CVE-2024-25801 MEDIUM
Skinsoft S-museum - XSS
CVSS 6.1
CVE-2024-25274 CRITICAL
Novel-Plus <4.3.0-RC1 - Code Injection
CVSS 9.8
CVE-2024-22824 CRITICAL
Timo <2.0.3 - RCE
CVSS 9.8
CVE-2024-1644 CRITICAL
Salesagility Suitecrm - Unrestricted File Upload
CVSS 9.9
CVE-2024-25636 HIGH
Misskey <2024.2.0 - SSRF
CVSS 7.1