CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2024-28890 MEDIUM
Forminator < 1.29.0 - Unrestricted Upload of File with Dangerous Type
CVSS 5.3
CVE-2024-29368 MEDIUM
moziloCMS 2.0 - Unrestricted Upload of File with Dangerous Type via File Renaming
CVSS 6.5
CVE-2024-29661 CRITICAL
dedecms v5.7 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2024-23534 HIGH
Ivanti Avalanche < 6.4.3 - Authenticated Remote Code Execution via Unrestricted File Upload
CVSS 8.8
CVE-2024-3948 MEDIUM
SourceCodester Home Clean Service System 1.0 - Unrestricted File Upload in Photo Handler
CVSS 6.3
CVE-2024-32161 CRITICAL
jizhicms 2.5 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2024-32514 CRITICAL
WP Poll Maker <3.4 - Info Disclosure
CVSS 9.9
CVE-2024-31680 HIGH
Shibang Communications Co., Ltd. IP Network Intercom Broadcasting System - File Upload
CVSS 8.8
CVE-2024-32256 HIGH
Phpgurukul Tourism Management System 2.0 - Unrestricted Upload of File with Dangerous Type via Change Image Endpoint
CVSS 8.1
CVE-2024-32254 HIGH
Phpgurukul Tourism Management System v2.0 - Unrestricted Upload of File with Dangerous Type via Admin Create Package
CVSS 8.8
CVE-2024-3863 CRITICAL
Firefox < 125 and ESR < 115.10 - Unrestricted Download of Dangerous File Type
CVSS 9.8
CVE-2024-3804 MEDIUM
Vesystem Cloud Desktop <20240408 - Unrestricted Upload
CVSS 6.3
CVE-2024-3803 MEDIUM
Vesystem Cloud Desktop <20240408 - Unrestricted Upload
CVSS 6.3
CVE-2024-3778 HIGH
Ai3 QbiBot - Authenticated Unrestricted Upload of File with Dangerous Type
CVSS 7.2
CVE-2024-3736 MEDIUM
nginxwebui < 4.2.4 - Unrestricted File Upload via Admin Upload Function
CVSS 4.3
CVE-2024-3705 HIGH
OpenGnsys 1.1.1d - Unrestricted File Upload via M_Icons.php Endpoint
CVSS 8.8
CVE-2024-3344 MEDIUM
Otter Blocks < 2.6.9 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-31214 CRITICAL
Traccar 5.1-5.12 - Unauthenticated Arbitrary File Upload via Device Image API
CVSS 9.6
CVE-2024-2221 CRITICAL
qdrant - Path Traversal and Arbitrary File Write via Snapshot Upload Endpoint
CVSS 9.8
CVE-2024-24809 HIGH
Traccar - Unrestricted File Upload
CVSS 8.5
CVE-2024-3521 MEDIUM
Byzoro Smart S80 Management Platform <20240317 - Unrestricted Upload
CVSS 4.7
CVE-2024-2334 MEDIUM
Template Kit - Import plugin <1.0.14 - XSS
CVSS 6.4
CVE-2024-2125 HIGH
EnvíaloSimple: Email Marketing y Newsletters - CSRF
CVSS 8.8
CVE-2024-31454 MEDIUM
PsiTransfer < 2.2.0 - Unauthenticated File Upload and Integrity Violation via File Distribution Endpoint
CVSS 6.5
CVE-2024-31453 MEDIUM
PsiTransfer < 2.2.0 - Unrestricted File Upload via File Distribution Endpoint
CVSS 6.5