CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,123 vulnerabilities with CWE-434
CVE-2024-0192
MEDIUM
RRJ Nueva Ecija Engineer Online Portal 1.0 - Unrestricted File Upload in Add Downloadable Component
CVSS 6.3
CVE-2024-0185
MEDIUM
RRJ Nueva Ecija Engineer Online Portal 1.0 - Unrestricted Upload of File with Dangerous Type in Avatar Handler
CVSS 4.7
CVE-2023-27753
HIGH
MK-Auth 23.01K4.9 - Arbitrary File Upload
CVSS 8.0
CVE-2023-50897
CRITICAL
Meow Apps Media File Renamer <5.7.7 - RCE
CVSS 9.1
CVE-2023-53980
CRITICAL
ProjectSend r1605 - Remote Code Execution via File Extension Manipulation
CVSS 9.8
CVE-2023-53971
HIGH
WebTareas 2.4 - Authenticated Remote Code Execution via Chat Photo Upload
CVSS 8.8
CVE-2023-53956
HIGH
Flatnux 2021-03.25 - Authenticated Remote Code Execution via File Manager PHP Upload
CVSS 8.8
CVE-2023-53952
HIGH
Dotclear 2.25.3 - Authenticated Remote Code Execution via PHAR File Upload
CVSS 8.8
CVE-2023-53950
CRITICAL
InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload
CVSS 9.8
CVE-2023-53942
HIGH
File Thingie 2.5.7 - Authenticated Arbitrary File Upload via PHP Zip Archive
CVSS 8.8
CVE-2023-53933
HIGH
Serendipity 2.4.0 - Authenticated Remote Code Execution via PHAR File Upload
CVSS 8.8
CVE-2023-53924
HIGH
UliCMS 2023.1-sniffing-vicuna - RCE
CVSS 8.8
CVE-2023-53922
CRITICAL
TinyWebGallery 2.5 - Unauthenticated Remote Code Execution via Malicious PHAR File Upload
CVSS 9.8
CVE-2023-53921
CRITICAL
SitemagicCMS 4.4.3 - PHP File Upload Command Execution
CVSS 9.8
CVE-2023-53892
HIGH
Blackcat CMS 1.4 - Authenticated Remote Code Execution via jQuery Plugin Manager
CVSS 7.2
CVE-2023-53889
HIGH
Perch CMS 3.2 - Authenticated Remote Code Execution via Arbitrary PHP File Upload
CVSS 7.2
CVE-2023-53885
HIGH
Webutler 3.2 - Authenticated Remote Code Execution via PHAR File Upload
CVSS 7.2
CVE-2023-53876
MEDIUM
Academy LMS 6.1 - Authenticated Stored Cross-Site Scripting via Profile Avatar Upload
CVSS 5.4
CVE-2023-53871
CRITICAL
Soosyze 2.0.0 - Unrestricted Upload of File with Dangerous Type via Broken Upload Logic
CVSS 9.8
CVE-2023-53869
HIGH
WebIGniter 28.7.23 - Authenticated Remote Code Execution via Media File Upload
CVE-2023-53868
HIGH
Coppermine Gallery 1.6.25 - Authenticated RCE
CVSS 8.8
CVE-2023-7330
CRITICAL
Ruijie NBR Series Routers - Unauthenticated Arbitrary File Upload via /ddi/server/fileupload.php
CVE-2023-28814
CRITICAL
Hikvision iSecure Center - File Upload
CVSS 9.8
CVE-2023-7305
CRITICAL
SmartBI V8-V10 - Unrestricted File Upload
CVE-2023-7309
CRITICAL
Dahua Smart Park Integrated Management Platform - Path Traversal