CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,016 vulnerabilities with CWE-434
CVE-2023-51034 CRITICAL
TOTOlink EX1200L V9.3.5u.6146_B20201023 - Command Injection
CVSS 9.8
CVE-2023-42017 HIGH
IBM Planning Analytics - Unrestricted File Upload
CVSS 8.0
CVE-2023-7054 MEDIUM
Phpgurukul Online Notes Sharing System - XSS
CVSS 5.5
CVE-2023-7036 MEDIUM
Automad < 1.10.9 - XSS
CVSS 4.7
CVE-2023-7026 MEDIUM
Lightxun Iptv Gateway < 20231208 - Unrestricted File Upload
CVSS 4.3
CVE-2023-25970 CRITICAL
Zendrop < 1.0.1 - Unrestricted File Upload
CVSS 9.8
CVE-2023-23970 HIGH
WooRockets Corsa - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2023-49814 CRITICAL
Symbiostock < 6.0.0 - Unrestricted File Upload
CVSS 9.1
CVE-2023-47784 HIGH
Themepunch Slider Revolution < 6.6.15 - Unrestricted File Upload
CVSS 8.4
CVE-2023-46149 CRITICAL
Themify Ultra < 7.3.5 - Unrestricted File Upload
CVSS 9.9
CVE-2023-45603 CRITICAL
Plugin-planet User Submitted Posts - Unrestricted File Upload
CVSS 9.0
CVE-2023-40204 CRITICAL
Premio Folders < 2.9.2 - Unrestricted File Upload
CVSS 9.1
CVE-2023-34385 CRITICAL
Akshaymenariya Export Import Menus < 1.8.0 - Unrestricted File Upload
CVSS 9.9
CVE-2023-34007 CRITICAL
WPChill Download Monitor < 4.8.3 - Unrestricted Upload
CVSS 9.9
CVE-2023-33318 CRITICAL
WooCommerce AutomateWoo < 4.9.40 - Unrestricted Upload
CVSS 9.9
CVE-2023-31231 CRITICAL
Unlimited-elements Unlimited Elements For Elementor < 1.5.66 - Unrestricted File Upload
CVSS 9.9
CVE-2023-31215 CRITICAL
AmaderCode Lab < 2.1.2 - Unrestricted Upload
CVSS 9.9
CVE-2023-29384 CRITICAL
HM Plugin WordPress Job Board and Recruitment Plugin - Unrestricted Upload of File with Dangerous Type
CVSS 10.0
CVE-2023-29102 CRITICAL
Olive One Click Demo Import < 1.1.1 - Unrestricted Upload
CVSS 9.1
CVE-2023-28170 CRITICAL
Themely Theme Demo Import < 1.1.1 - Unrestricted File Upload
CVSS 9.1
CVE-2023-6562 HIGH
Kakadu 7.9 - File Exfiltration
CVSS 7.5
CVE-2023-6976 HIGH
Lfprojects Mlflow < 2.9.2 - Unrestricted File Upload
CVSS 8.8
CVE-2023-47706 MEDIUM
IBM Security Guardium Key Lifecycle Manager - Unrestricted File Upload
CVSS 6.6
CVE-2023-46264 CRITICAL
Avalanche < 6.4.1 - RCE
CVSS 9.8
CVE-2023-46263 CRITICAL
Avalanche < 6.4.1 - RCE
CVSS 9.8