CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,123 vulnerabilities with CWE-434
CVE-2024-1113 MEDIUM
openBI < 1.0.8 - Unrestricted Upload
CVSS 6.3
CVE-2024-1069 HIGH
Contact Form Entries < 1.3.2 - Authenticated Arbitrary File Upload via view_page Function
CVSS 7.2
CVE-2024-1036 HIGH
openBI < 1.0.8 - Unrestricted File Upload via Icon Handler
CVSS 7.3
CVE-2024-1035 HIGH
openBI < 1.0.8 - Unrestricted File Upload via Icon Upload Function
CVSS 7.3
CVE-2024-1034 HIGH
openBI < 1.0.8 - Unrestricted File Upload via File.php uploadFile Function
CVSS 7.3
CVE-2024-1027 MEDIUM
SourceCodester Facebook News Feed Like 1.0 - Unrestricted Upload of File with Dangerous Type in Post Handler
CVSS 6.3
CVE-2024-1008 MEDIUM
SourceCodester Employee Management System 1.0 - Unrestricted File Upload via Profile Page edit-photo.php
CVSS 4.7
CVE-2024-0939 MEDIUM
Byzoro Smart S210 Management Platform < 20240117 - Unrestricted Upload
CVSS 6.3
CVE-2024-0933 MEDIUM
Niushop B2C V5 - Unrestricted Upload
CVSS 6.3
CVE-2024-22550 MEDIUM
ShopSite 14.0 - Arbitrary File Upload via SVG File in mediam.cgi
CVSS 6.1
CVE-2024-23630 CRITICAL
Motorola MR2600 Firmware - Arbitrary Firmware Upload
CVSS 9.0
CVE-2024-24399 HIGH
Lepton CMS 7.0.0 - Authenticated Arbitrary File Upload via Backend Languages Index
CVSS 7.2
CVE-2024-22152 HIGH
WebToffee Product Import Export < 2.3.7 - Unrestricted Upload
CVSS 8.0
CVE-2024-22135 HIGH
WebToffee Order Export & Order Import For Woocommerce < 2.4.4 - Unrestricted File Upload
CVSS 8.0
CVE-2024-23180 HIGH
a-blog cms < 2.9.0 - Authenticated Remote Code Execution via SVG File Upload
CVSS 8.8
CVE-2024-0783 MEDIUM
Project Worlds Online Admission System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-22895 HIGH
DedeCMS 5.7.112 - Unrestricted Upload of File with Dangerous Type via module_upload.php
CVSS 8.8
CVE-2024-0648 HIGH
Yunyou CMS < 2.2.6 - Unrestricted Upload
CVSS 7.3
CVE-2024-20272 HIGH
Cisco Unity Connection < 12.5.1.19017-4 - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVSS 7.3
CVE-2024-0643 CRITICAL
C21 Live Encoder & Live Mosaic < 5.3 - RCE
CVSS 10.0
CVE-2024-0505 MEDIUM
ZhongFuCheng3y Austin 1.0 - Unrestricted Upload
CVSS 5.5
CVE-2024-0468 MEDIUM
Fighting Cock Information System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2024-0352 HIGH
likeshop < 2.5.7.20210311 - Unrestricted File Upload via FileServer::userFormImage
CVSS 7.3
CVE-2024-0300 MEDIUM
Byzoro Smart S150 Firmware < 2024-01-01 - Unrestricted File Upload via web_img Parameter
CVSS 6.3
CVE-2024-0194 MEDIUM
CodeAstro Internet Banking System <= 1.0 - Unrestricted File Upload in Profile Picture Handler
CVSS 6.3