CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2024-29891 HIGH
ZITADEL < 2.42.17 - Unrestricted HTML Upload via Avatar Image Feature
CVSS 8.7
CVE-2024-1532 MEDIUM
Hitachi Energy RTU500 CMU Authenticated Unrestricted File Upload via STB-Language File
CVSS 6.8
CVE-2024-1531 HIGH
Hitachi Energy RTU500 CMU firmware memory disclosure via crafted stb-language file
CVSS 8.2
CVE-2024-2930 HIGH
SourceCodester Music Gallery Site 1.0 - Unrestricted Upload
CVSS 7.3
CVE-2024-30231 CRITICAL
WebToffee Product Import Export <2.4.1 - Unrestricted Upload
CVSS 9.1
CVE-2024-29515 HIGH
leptoncms 7.1.0 - Authenticated Arbitrary File Upload via save.php and config.php
CVSS 8.8
CVE-2024-28105 HIGH
phpmyfaq >=3.2.5 <3.2.6 - Unrestricted Upload of File with Dangerous Type via Category Image Upload
CVSS 7.2
CVE-2024-2849 MEDIUM
SourceCodester Simple File Manager 1.0 - Unrestricted File Upload via Photo Argument
CVSS 6.3
CVE-2024-29272 MEDIUM
VvvebJs < 1.7.5 - Arbitrary File Upload
CVSS 6.5
CVE-2024-28441 CRITICAL
magicflue < 7.0 - Remote Code Execution via mail/mailupdate.jsp messageid Parameter
CVSS 9.8
CVE-2024-27964 HIGH
Zippy <= 1.6.9 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2024-2754 MEDIUM
SourceCodester Complete E-Commerce Site 1.0 - Unrestricted File Upload via /admin/users_photo.php Photo Parameter
CVSS 4.7
CVE-2024-29859 CRITICAL
MISP <2.4.187 - File Upload Vulnerability
CVSS 9.8
CVE-2024-27923 HIGH
Grav < 1.7.43 - Remote Code Execution via Frontmatter Feature
CVSS 8.8
CVE-2024-2690 MEDIUM
SourceCodester Online Discussion Forum Site 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-1205 HIGH
Wemanage < 1.2.3 - Unrestricted File Upload
CVSS 8.8
CVE-2024-29135 CRITICAL
Themefic Tourfic <= 2.11.15 - Arbitrary File Upload
CVSS 9.9
CVE-2024-2636 CRITICAL
Cegid Meta4 HR - Unrestricted Upload of File
CVSS 9.0
CVE-2024-2604 MEDIUM
SourceCodester File Manager App 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-2599 CRITICAL
AMSS++ 4.31 - Authenticated Unrestricted Upload of File with Dangerous Type
CVSS 9.9
CVE-2024-27957 CRITICAL
Pie Register < 3.8.3.1 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2024-2565 MEDIUM
PandaXGO PandaX < 2024-03-10 - Unrestricted Upload of File with Dangerous Type in File Extension Handler
CVSS 6.3
CVE-2024-2561 MEDIUM
74cms 3.28.0 - Unrestricted File Upload via Company Logo Handler
CVSS 6.3
CVE-2024-2531 MEDIUM
MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 - Unrestricted File Upload via update-rooms.php
CVSS 6.3
CVE-2024-2529 MEDIUM
Online-College-Event-Hall-Reservation-System 1.0 - Unrestricted File Upload via rooms.php
CVSS 6.3