CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2024-3444 MEDIUM
Wangshen SecGate 3600 <20240408 - Unrestricted Upload
CVSS 4.7
CVE-2024-3437 HIGH
Prison Management System 1.0 - Unrestricted File Upload via Avatar Handler
CVSS 7.3
CVE-2024-3436 MEDIUM
Prison Management System 1.0 - Unrestricted File Upload via Avatar Handler
CVSS 6.3
CVE-2024-31345 CRITICAL
Sukhchain Singh Auto Poster <1.2 - Unrestricted Upload
CVSS 9.1
CVE-2024-31292 HIGH
Moove Agency Import XML/RSS Feeds <2.1.5 - Unrestricted Upload
CVSS 7.2
CVE-2024-31286 CRITICAL
J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus <8.6.03.005 - Unr...
CVSS 9.9
CVE-2024-31280 CRITICAL
Church Admin <= 4.1.5 - Arbitrary File Upload
CVSS 9.9
CVE-2024-3369 MEDIUM
code-projects Car Rental 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-31210 HIGH
WordPress < 4.1.40 - Authenticated Remote Code Execution via Plugin Upload
CVSS 7.6
CVE-2024-29387 HIGH
projeqtor < 11.2.0 - Remote Code Execution via /view/print.php
CVSS 8.8
CVE-2024-28520 MEDIUM
Byzoro Networks Smart <S210 - Info Disclosure
CVSS 6.5
CVE-2024-3022 HIGH
BookingPress < 1.0.87 - Authenticated Arbitrary File Upload via bookingpress_process_upload
CVSS 7.2
CVE-2024-27951 CRITICAL
Themeisle Multiple Page Generator Plugin - MPG <= 3.4.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.1
CVE-2024-31012 CRITICAL
SEMCMS 4.8 - Unauthenticated Arbitrary File Upload via upload.php
CVSS 9.8
CVE-2024-29514 HIGH
leptoncms 7.1.0 - Authenticated Remote Code Execution via PHP File Upload
CVSS 8.8
CVE-2024-3129 MEDIUM
SourceCodester Image Accordion Gallery App 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-30533 HIGH
Techeshta Layouts for Elementor <1.8 - Unrestricted Upload
CVSS 7.5
CVE-2024-31115 CRITICAL
QuanticaLabs Chauffeur Taxi Booking System <7.2 - Unrestricted Uplo...
CVSS 10.0
CVE-2024-31114 CRITICAL
biplob018 Shortcode Addons <3.2.5 - RCE
CVSS 9.1
CVE-2024-3117 MEDIUM
YouDianCMS <9.5.12 - Unrestricted Upload
CVSS 4.7
CVE-2024-30510 CRITICAL
Salon Booking System < 9.5 - Unrestricted Upload of File with Dangerous Type
CVSS 10.0
CVE-2024-30500 CRITICAL
CubeWP - All-in-One Dynamic Content Framework <= 1.1.12 - Unrestricted Upload of File with Dangerous Type
CVSS 9.9
CVE-2024-28713 CRITICAL
Mblog 3.5.0 - Remote Code Execution via Theme Management File Upload
CVSS 9.8
CVE-2024-2890 CRITICAL
Tumult Hype Animations <2 - Unrestricted Upload of File with Danger...
CVSS 9.1
CVE-2024-29100 CRITICAL
Jordy Meow AI Engine: ChatGPT Chatbot <= 2.1.4 - Unrestricted Upload of File with Dangerous Type
CVSS 9.1