CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,016 vulnerabilities with CWE-434
CVE-2023-7309 CRITICAL
Dahua Smart Park Integrated Management Platform - Path Traversal
CVE-2023-31585 CRITICAL
Grocery-CMS-PHP-Restful-API v1.3 - File Upload
CVSS 9.8
CVE-2023-42248 MEDIUM
Seling Visual Access Manager < 4.42.2 - Unrestricted File Upload
CVSS 6.5
CVE-2023-52044 CRITICAL
Studio-42 eLfinder 2.1.62 - RCE
CVSS 9.8
CVE-2023-26690 HIGH
CS-Cart MultiVendor <4.16.1 - RCE
CVSS 8.8
CVE-2023-26686 CRITICAL
CS-Cart MultiVendor <4.16.1 - RCE
CVSS 9.8
CVE-2023-0714 HIGH
Wpmet Metform Elementor Contact Form ... - Unrestricted File Upload
CVSS 8.1
CVE-2023-7061 HIGH
Advancedfilemanager File Manager Adva... - Unrestricted File Upload
CVSS 8.8
CVE-2023-45197 CRITICAL
Adminerevo < 4.8.3 - Path Traversal
CVSS 9.8
CVE-2023-45188 MEDIUM
IBM Engineering Lifecycle Optimizatio... - Unrestricted File Upload
CVSS 6.5
CVE-2023-33930 CRITICAL
Unlimited Elements For Elementor <1.5.66 - Code Injection
CVSS 9.1
CVE-2023-46694 HIGH
Vtenext 21.02 - Authenticated RCE
CVSS 8.1
CVE-2023-25444 CRITICAL
Joomsky JS Help Desk < 2.7.8 - Unrestricted File Upload
CVSS 9.1
CVE-2023-50717 MEDIUM
Nocodb < 0.202.10 - XSS
CVSS 5.7
CVE-2023-47711 LOW
IBM Security Guardium - Unrestricted File Upload
CVSS 2.7
CVE-2023-51590 CRITICAL
Voltronic Power ViewPower Pro - RCE
CVSS 9.8
CVE-2023-39463 HIGH
Trianglemicroworks Scada Data Gateway - Unrestricted File Upload
CVSS 7.2
CVE-2023-39462 MEDIUM
Trianglemicroworks Scada Data Gateway - Unrestricted File Upload
CVSS 6.5
CVE-2023-38098 HIGH
Netgear Prosafe Network Management System - Unrestricted File Upload
CVSS 8.8
CVE-2023-38095 HIGH
Netgear Prosafe Network Management System - Unrestricted File Upload
CVSS 8.8
CVE-2023-31090 CRITICAL
Unlimited Elements <1.5.60 - Unrestricted File Upload
CVSS 9.9
CVE-2023-51409 CRITICAL
Meowapps AI Engine < 1.9.99 - Unrestricted File Upload
CVSS 10.0
CVE-2023-46808 CRITICAL
Ivanti ITSM <2023.4 - Command Injection
CVSS 9.9
CVE-2023-49815 CRITICAL
WappPress <5.0.3 - Unrestricted Upload
CVSS 10.0
CVE-2023-48777 CRITICAL
Elementor Website Builder <3.18.1 - Unrestricted Upload
CVSS 9.9
Details
Vulnerabilities 4,016
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits