CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,123 vulnerabilities with CWE-434
| CVE | Severity | CVSS | Title |
| --- | --- | --- | --- |
| CVE-2024-23946 | MEDIUM | 5.3 | Apache OFBiz < 18.12.12 - Path Traversal and Arbitrary File Inclusion |
| CVE-2024-25869 | HIGH | 8.8 | CodeAstro Membership Management System 1.0 - Unauthenticated Remote Code Execution via settings.php File Upload |
| CVE-2024-1932 | MEDIUM | 4.8 | freescout-helpdesk/freescout - File Injection |
| CVE-2024-25846 | CRITICAL | 9.1 | simpleimportproduct <= 6.7.0 - Unauthenticated Unrestricted Upload of File with Dangerous Type |
| CVE-2024-1925 | MEDIUM | 5.0 | Ctcms 2.1.2 - Unrestricted Upload of File with Dangerous Type in Upsys.php |
| CVE-2024-1921 | MEDIUM | 4.7 | osuuu LightPicture <1.2.2 - Unrestricted Upload |
| CVE-2024-1918 | MEDIUM | 4.7 | Byzoro Smart S42 Management Platform <20240219 - Unrestricted Upload |
| CVE-2024-25925 | CRITICAL | 10.0 | WooCommerce Easy Checkout Field Editor, Fees & Discounts <= 3.5.12 - Unauthenticated Arbitrary File Upload |
| CVE-2024-25913 | CRITICAL | 10.0 | Skymoonlabs MoveTo <= 6.2 - Unauthenticated Arbitrary File Upload |
| CVE-2024-25909 | CRITICAL | 9.9 | JoomUnited WP Media folder <= 5.7.2 - Unauthenticated Arbitrary File Upload |
| CVE-2024-25410 | MEDIUM | 6.5 | flusity-CMS <2.33 - Unrestricted Upload of File with Dangerous Type |
| CVE-2024-24714 | HIGH | 7.2 | Icons Font Loader <1.1.4 - Unrestricted Upload |
| CVE-2024-1875 | MEDIUM | 6.3 | Complaint Management System 1.0 - Unrestricted File Upload via Lodge Complaint Section |
| CVE-2024-1819 | MEDIUM | 4.7 | CodeAstro Membership Management System 1.0 - Unrestricted File Upload via Member Photo |
| CVE-2024-1818 | MEDIUM | 4.7 | CodeAstro Membership Management System 1.0 - Unrestricted File Upload in Logo Handler |
| CVE-2024-25802 | CRITICAL | 9.8 | SKINsoft S-Museum 7.02.3 - Unrestricted File Upload via Add Media Function |
| CVE-2024-22393 | CRITICAL | 9.1 | Apache Answer < 1.2.5 - Authenticated Denial of Service via Large Pixel File Upload |
| CVE-2024-27283 | HIGH | 7.2 | Veritas eDiscovery Platform <10.2.5 - Path Traversal |
| CVE-2024-25801 | MEDIUM | 6.1 | SKINsoft S-Museum 7.02.3 - Stored Cross-Site Scripting via Uploaded Filename |
| CVE-2024-25274 | CRITICAL | 9.8 | Novel-Plus <4.3.0-RC1 - Code Injection |
| CVE-2024-22824 | CRITICAL | 9.8 | Timo <2.0.3 - Remote Code Execution |
| CVE-2024-1644 | CRITICAL | 9.9 | SuiteCRM 7.14.2 - Local File Inclusion |
| CVE-2024-25636 | HIGH | 7.1 | Misskey < 2024.2.0 - Account Takeover via Unrestricted Activity Streams Document Upload |
| CVE-2024-25623 | HIGH | 8.5 | Mastodon <4.2.7, 4.1.15, 4.0.15, 3.5.19 - Info Disclosure |
| CVE-2024-25627 | LOW | 3.5 | Alf.io < 2.0-m4-2304 - Authenticated Arbitrary File Upload and Stored Cross-Site Scripting via HTML File Upload |