CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,123 vulnerabilities with CWE-434 (a sample is listed below, each with its severity rating and CVSS score)
CVE-2023-31585 (CRITICAL, CVSS 9.8): Grocery-CMS-PHP-Restful-API v1.3 - File Upload
CVE-2023-42248 (MEDIUM, CVSS 6.5): Selesta Visual Access Manager < 4.42.2 - Authenticated Arbitrary File Write via vam_Sql.php POST Parameters
CVE-2023-52044 (CRITICAL, CVSS 9.8): Studio-42 elFinder 2.1.62 - Remote Code Execution via Unrestricted .php8 File Upload
CVE-2023-26690 (HIGH, CVSS 8.8): CS-Cart MultiVendor 4.16.1 - Unauthenticated Arbitrary File Upload via File Manager
CVE-2023-26686 (CRITICAL, CVSS 9.8): CS-Cart MultiVendor 4.16.1 - Remote Code Execution via Product Image Upload
CVE-2023-0714 (HIGH, CVSS 8.1): Metform Elementor Contact Form Builder <= 3.2.4 - Unauthenticated Arbitrary File Upload via Double Extension Bypass
CVE-2023-7061 (HIGH, CVSS 8.8): Advanced File Manager Shortcodes <= 2.5.3 - Authenticated Arbitrary File Upload
CVE-2023-45197 (CRITICAL, CVSS 9.8): AdminerEvo < 4.8.3 - Path Traversal and Arbitrary File Write via File Upload Plugin
CVE-2023-45188 (MEDIUM, CVSS 6.5): IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.0.3 - Unrestricted Upload of File with Dangerous Type
CVE-2023-33930 (CRITICAL, CVSS 9.1): Unlimited Elements For Elementor <1.5.66 - Code Injection
CVE-2023-46694 (HIGH, CVSS 8.1): Vtenext 21.02 - Authenticated Unrestricted Upload of File with Dangerous Type via Ckeditor File Manager
CVE-2023-25444 (CRITICAL, CVSS 9.1): JS Help Desk - Best Help Desk & Support Plugin < 2.7.7 - Unrestricted Upload of File with Dangerous Type
CVE-2023-50717 (MEDIUM, CVSS 5.7): NocoDB 0.202.6-0.202.10 - Stored Cross-Site Scripting via HTML File Upload
CVE-2023-47711 (LOW, CVSS 2.7): IBM Security Guardium 11.3-12.0 - Authenticated Denial of Service via File Upload
CVE-2023-51590 (CRITICAL, CVSS 9.8): Voltronic Power ViewPower Pro - RCE
CVE-2023-39463 (HIGH, CVSS 7.2): Triangle MicroWorks SCADA Data Gateway - Unauthenticated Remote Code Execution via Trusted Certification File Upload
CVE-2023-39462 (MEDIUM, CVSS 6.5): Triangle MicroWorks SCADA Data Gateway - Unrestricted Upload of File with Dangerous Type via Workspace Processing
CVE-2023-38098 (HIGH, CVSS 8.8): NETGEAR ProSAFE Network Management System < 1.7.0.20 - Remote Code Execution via UpLoadServlet Unrestricted File Upload
CVE-2023-38095 (HIGH, CVSS 8.8): NETGEAR ProSAFE Network Management System < 1.7.0.20 - Remote Code Execution via MFileUploadController
CVE-2023-31090 (CRITICAL, CVSS 9.9): Unlimited Elements <1.5.60 - Unrestricted File Upload
CVE-2023-51409 (CRITICAL, CVSS 10.0): Jordy Meow AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload
CVE-2023-46808 (CRITICAL, CVSS 9.9): Ivanti ITSM <2023.4 - Command Injection
CVE-2023-49815 (CRITICAL, CVSS 10.0): WappPress <5.0.3 - Unrestricted Upload
CVE-2023-48777 (CRITICAL, CVSS 9.9): Elementor Website Builder <3.18.1 - Unrestricted Upload
CVE-2023-48275 (HIGH, CVSS 8.0): Trustindex.Io Widgets - Unrestricted Upload
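Several of the entries above (the .php8 upload, the double-extension bypass, the path traversal via an upload plugin, the HTML upload that became stored XSS) share one root cause: the server trusts the client-supplied file name and content type. The following Python is an added illustration, not code from the CWE entry or from any of the listed products. It places the weak pattern behind many of these findings (a blocklist on the last extension only) next to a hardened validator; the names ALLOWED_TYPES, weak_is_allowed and hardened_check, the allowlist and the sample inputs are all constructed for this example.

```python
import os
import re
import secrets

# Allowlist of the types the application actually needs, each mapped to the
# magic bytes a genuine file of that type starts with. (Constructed list.)
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}

# Marker strings that have no business inside an image or PDF; a cheap
# defense-in-depth check against polyglot files such as GIF89a<?php ... ?>.
SCRIPT_MARKERS = (b"<?php", b"<script", b"<%")


def weak_is_allowed(filename: str) -> bool:
    """The weak pattern: a blocklist applied to the last extension only.

    'shell.php8', 'shell.phtml' and 'shell.php.jpg' all pass, which is the
    class of bypass several of the CVEs above describe."""
    ext = filename.rsplit(".", 1)[-1].lower()
    return ext not in {"php", "exe"}


def hardened_check(filename: str, content: bytes):
    """Return (ok, reason, stored_name).

    Rejects path components, double extensions, anything outside the
    allowlist, content whose magic bytes disagree with the extension, and
    embedded script markers. The user-supplied name is never stored; a random
    name with the validated extension is returned instead."""
    # Any directory component (including '../') means the client is trying to
    # choose where the file lands, which is the path-traversal variant above.
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or base in ("", ".", ".."):
        return False, "path component in filename", None

    # Exactly one dot: '.htaccess' and 'shell.php.jpg' both fail here.
    parts = base.lower().split(".")
    if len(parts) != 2 or not re.fullmatch(r"[a-z0-9_-]{1,64}", parts[0]):
        return False, "unexpected name or double extension", None

    ext = parts[1]
    if ext not in ALLOWED_TYPES:
        return False, f"extension .{ext} not in allowlist", None

    # Check the content against the declared type, not the other way round.
    if not content.startswith(ALLOWED_TYPES[ext]):
        return False, "content does not match declared type", None

    head = content[:4096].lower()
    if any(marker in head for marker in SCRIPT_MARKERS):
        return False, "embedded script markers", None

    stored = f"{secrets.token_hex(16)}.{ext}"
    return True, "ok", stored


if __name__ == "__main__":
    # Constructed sample uploads: (client file name, first bytes of content)
    samples = [
        ("shell.php8", b"<?php system($_GET['c']); ?>"),
        ("shell.php.jpg", b"\xff\xd8\xff\xe0"),
        ("../../etc/cron.d/job.png", b"\x89PNG\r\n\x1a\n"),
        ("poly.gif", b"GIF89a<?php system($_GET['c']); ?>"),
        ("Photo.PNG", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ]
    for name, data in samples:
        ok, reason, stored = hardened_check(name, data)
        print(f"{name:28} weak={weak_is_allowed(name)!s:5} "
              f"hardened={ok!s:5} {reason} {stored or ''}")
```

Validation alone is not the whole fix: the stored file should also live outside the web root or in a location the server will not execute or render inline (no script handlers, Content-Disposition: attachment and X-Content-Type-Options: nosniff on download), so that a validator bug does not immediately become code execution or stored XSS.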