CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,123 vulnerabilities with CWE-434
CVE-2023-6846 HIGH
File Manager Pro < 8.3.4 - Authenticated Arbitrary File Upload via mk_check_filemanager_php_syntax AJAX Function
CVSS 8.8
CVE-2023-6635 HIGH
EditorsKit <= 1.40.3 - Authenticated Arbitrary File Upload via Import Styles Function
CVSS 7.2
CVE-2023-6675 CRITICAL
National Keep CyberMath 1.4-<1.5 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2023-31505 HIGH
Schlix CMS 2.2.8-1 - Authenticated Arbitrary File Upload via .phtml File
CVSS 7.2
CVE-2023-52221 CRITICAL
UkrSolution Barcode Scanner and Inventory manager < 1.5.1 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2023-52324 HIGH
Trend Micro Apex Central - Authenticated Arbitrary File Upload
CVSS 8.8
CVE-2023-51925 CRITICAL
YonBIP v3_23.05 - Arbitrary File Upload via ArcpUploadAction.doAction()
CVSS 9.8
CVE-2023-51924 CRITICAL
YonBIP v3_23.05 - Arbitrary File Upload via uap.framework.rc.itf.IResourceManager Interface
CVSS 9.8
CVE-2023-51928 CRITICAL
YonBIP v3_23.05 - Remote Code Execution via Arbitrary File Upload in ArcpUploadAction
CVSS 9.8
CVE-2023-27168 CRITICAL
Xpand IT Write-back Manager <2.3.1 - RCE
CVSS 9.8
CVE-2023-40051 CRITICAL
Progress OpenEdge PASOE < 11.7.18, 12.2-12.2.13, < 12.8.0 - Unauthenticated Arbitrary File Upload via WEB Transport
CVSS 9.1
CVE-2023-4536 HIGH
WordPress Plugin <1.3.2 - Authenticated RCE
CVSS 8.8
CVE-2023-50729 HIGH
Traccar < 5.11 - Unauthenticated Arbitrary File Write via File Upload Feature
CVSS 8.4
CVE-2023-51806 MEDIUM
ujcms 8.0.2 - Unrestricted Upload of File with Dangerous Type
CVSS 5.4
CVE-2023-46474 HIGH
PMB 7.4.8 - Remote Code Execution via start_import.php File Upload
CVSS 7.2
CVE-2023-6979 HIGH
Customer Reviews for WooCommerce <= 5.38.9 - Authenticated Arbitrary File Upload via ivole_import_upload_csv AJAX Action
CVSS 8.8
CVE-2023-6636 HIGH
Greenshift - WordPress Plugin <7.6.2 - RCE
CVSS 7.2
CVE-2023-6558 HIGH
WordPress Export and Import Users <=2.4.8 - Authenticated File Upload to Code Execution
CVSS 7.2
CVE-2023-6316 CRITICAL
MW WP Form < 5.0.1 - Unauthenticated Arbitrary File Upload via _single_file_upload Function
CVSS 9.8
CVE-2023-6220 HIGH
Piotnet Forms <1.0.26 - File Upload
CVSS 8.1
CVE-2023-49715 MEDIUM
WWBN AVideo - Unrestricted PHP File Upload via import.json.php Temporary Copy
CVSS 4.3
CVE-2023-50982 CRITICAL
stud.ip < 5.0.9 - Remote Code Execution via Unrestricted File Upload in Admin_SmileysController
CVSS 9.0
CVE-2023-6140 HIGH
Essential Real Estate < 4.4.0 - Unauthenticated Arbitrary File Upload via ZIP Archive
CVSS 8.8
CVE-2023-5957 HIGH
Ni Purchase Order(PO) For WooCommerce < 1.2.1 - Authenticated Arbitrary File Upload via Logo/Signature Settings
CVSS 7.2
CVE-2023-7212 MEDIUM
dedecms < 5.7.112 - Unrestricted File Upload in Backend file_class.php
CVSS 4.7