CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,123 vulnerabilities with CWE-434
CVE-2024-22426 HIGH
Dell RecoverPoint for Virtual Machines <6.0.SP1 - Command Injection
CVSS 7.2
CVE-2024-25414 CRITICAL
CSZ CMS 1.3.0 - Unauthenticated Arbitrary File Upload via Zip Archive in Admin Upgrade
CVSS 9.8
CVE-2024-23811 HIGH
SINEC NMS < V2.0 SP1 - Unrestricted Upload of File with Dangerous Type via TFTP
CVSS 8.8
CVE-2024-23762 HIGH
Gambio 4.9.2.0 - Unauthenticated Remote Code Execution via PHP File Upload in Content Manager
CVSS 7.8
CVE-2024-23759 CRITICAL
Gambio <= 4.9.2.0 - Remote Code Execution via Parcelshopfinder AddAddressBookEntry Search Parameter
CVSS 9.8
CVE-2024-25674 CRITICAL
MISP < 2.4.184 - Unrestricted Upload of File with Dangerous Type via Organisation Logo Upload
CVSS 9.8
CVE-2024-24393 CRITICAL
Pichome 1.1.01 - Remote Code Execution via File Upload
CVSS 9.8
CVE-2024-24202 CRITICAL
ZenTao Community Edition v18.10, Biz v8.10, Max v4.10 - Arbitrary File Upload RCE via .txt File
CVSS 9.8
CVE-2024-24350 HIGH
e-Sic Livre < 2.0 - Authenticated Remote Code Execution via Extension Filtering Bypass
CVSS 8.8
CVE-2024-24026 CRITICAL
novel-plus < 4.2.0 - Arbitrary File Upload via SysUserController uploadImg()
CVSS 9.8
CVE-2024-24025 CRITICAL
novel-plus < 4.2.0 - Arbitrary File Upload via FileController upload()
CVSS 9.8
CVE-2024-24024 CRITICAL
novel-plus < 4.2.0 - Arbitrary File Download via FileController
CVSS 9.8
CVE-2024-1268 MEDIUM
CodeAstro Restaurant POS System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-1264 MEDIUM
Juanpao JPShop <1.5.02 - Unrestricted Upload
CVSS 6.3
CVE-2024-1263 MEDIUM
Juanpao JPShop <1.5.02 - Unrestricted Upload
CVSS 6.3
CVE-2024-1262 MEDIUM
Juanpao JPShop <1.5.02 - Unrestricted Upload
CVSS 6.3
CVE-2024-1261 MEDIUM
Juanpao JPShop <1.5.02 - Unrestricted Upload
CVSS 6.3
CVE-2024-1260 MEDIUM
Juanpao JPShop < 1.5.02 - Unrestricted Upload of File with Dangerous Type via pic_url Argument
CVSS 6.3
CVE-2024-22515 HIGH
iSpyConnect.com Agent DVR <5.1.6.0 - Code Injection
CVSS 8.8
CVE-2024-1259 MEDIUM
Juanpao JPShop < 1.5.02 - Unrestricted File Upload via app_pic_url Parameter
CVSS 6.3
CVE-2024-1253 MEDIUM
Byzoro Smart S40 Management Platform < 2024-01-26 - Unrestricted File Upload via /useratte/web.php Import Handler
CVSS 4.7
CVE-2024-24000 CRITICAL
jshERP 3.3 - Arbitrary File Upload via systemConfig/upload Interface
CVSS 9.8
CVE-2024-0699 MEDIUM
AI Engine: Chatbots, Generators, Assistants, GPT 4 - File Upload
CVSS 6.6
CVE-2024-22567 HIGH
MCMS 5.3.5 - Unrestricted File Upload via /ms/file/upload.do
CVSS 8.8
CVE-2024-1116 HIGH
openBI <1.0.8 - Unrestricted Upload
CVSS 7.3