CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,123 vulnerabilities with CWE-434
CVE-2023-47873 CRITICAL
WEN Solutions WP Child Theme Generator <= 1.0.9 - Unrestricted Upload of File with Dangerous Type
CVSS 9.1
CVE-2023-47846 CRITICAL
WP Githuber MD <= 1.16.2 - Unrestricted Upload of File with Dangerous Type
CVSS 9.1
CVE-2023-47842 CRITICAL
CataBlog <1.7.0 - Unrestricted Upload
CVSS 9.1
CVE-2023-39307 HIGH
ThemeFusion Avada <= 7.11.1 - Authenticated Arbitrary File Upload
CVSS 8.5
CVE-2023-38388 CRITICAL
Artbees JupiterX Core <3.3.5 - Unrestricted Upload
CVSS 9.0
CVE-2023-29386 CRITICAL
Julien Crego Manager <2.0 - Unrestricted Upload
CVSS 9.1
CVE-2023-6091 HIGH
mndpsingh287 Theme Editor <2.7.1 - Unrestricted Upload of File with...
CVSS 7.2
CVE-2023-27440 HIGH
OnTheGoSystems Types <3.4.17 - Unrestricted Upload
CVSS 7.2
CVE-2023-23656 CRITICAL
MainWP File Uploader Extension <4.1 - Unrestricted Upload
CVSS 10.0
CVE-2023-51444 HIGH
GeoServer < 2.23.4, 2.24.1 - Authenticated Arbitrary File Upload and Remote Code Execution via REST Coverage Store API
CVSS 7.2
CVE-2023-39933 MEDIUM
A.K.I Software PMailServer/PMailServer2 - Code Injection
CVSS 4.3
CVE-2023-42286 CRITICAL
eyoucms 1.6.4 - Remote Code Execution via Template Configuration File Upload
CVSS 9.8
CVE-2023-41505 CRITICAL
Student Enrollment In PHP v1.0 - RCE
CVSS 9.8
CVE-2023-30968 MEDIUM
Palantir Gotham Gaia - Stored Cross-Site Scripting via File Upload
CVSS 6.8
CVE-2023-45599 MEDIUM
AiLux imx6 <imx6_1.0.7-2 - File Upload
CVSS 5.5
CVE-2023-45595 MEDIUM
AiLux imx6 < 1.0.7-2 - Authenticated Unrestricted File Upload via File Configuration
CVSS 5.9
CVE-2023-6090 CRITICAL
Mollie Mollie Payments for WooCommerce <7.3.11 - Unrestricted Upload
CVSS 9.1
CVE-2023-25921 HIGH
IBM Security Guardium Key Lifecycle Manager 3.0-4.1.1 - Unrestricted Upload of File with Dangerous Type
CVSS 8.5
CVE-2023-25922 MEDIUM
IBM Security Guardium Key Lifecycle Manager 3.0-4.1.1 - Unrestricted Upload of File with Dangerous Type
CVSS 4.3
CVE-2023-41506 CRITICAL
Student Enrollment In PHP v1.0 - RCE
CVSS 9.8
CVE-2023-52154 HIGH
PMB < 7.4.7 - Remote Code Execution via PHTML File Upload
CVSS 7.2
CVE-2023-50386 HIGH
Apache Solr Backup/Restore APIs RCE
CVSS 8.8
CVE-2023-40265 HIGH
Unify OpenScape Xpressions WebAssistant 7.0-7r1_fr5_hf42_p911 - Authenticated Remote Code Execution via File Upload
CVSS 8.8
CVE-2023-25365 HIGH
October CMS 3.2.0 - Stored Cross-Site Scripting via MP3 File Upload
CVSS 7.8
CVE-2023-6925 HIGH
Unlimited Addons for WPBakery Page Builder <= 1.0.42 - Authenticated Arbitrary File Upload via importZipFile Function
CVSS 7.2