CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,123 vulnerabilities with CWE-434
CVE-2023-6551 MEDIUM, CVSS 5.4: verot class.upload.php - Stored Cross-Site Scripting via Unrestricted File Upload
CVE-2023-50760 HIGH, CVSS 8.8: Online Notice Board System 1.0 - Authenticated Remote Code Execution via Insecure File Upload
CVE-2023-50922 HIGH, CVSS 7.2: GL.iNet Firmware <= 4.5.0 - Authenticated Remote Code Execution via Crontab File Upload
CVE-2023-45724 HIGH, CVSS 8.2: HCL DRYiCE MyXalytics - Unauthenticated Unrestricted Upload of File with Dangerous Type
CVE-2023-7181 MEDIUM, CVSS 4.7: DedeBIZ < 6.2.12 - Unrestricted File Upload via Add Attachment Handler
CVE-2023-51475 CRITICAL, CVSS 10.0: IOSS WP MLM SOFTWARE PLUGIN <4.0 - Unrestricted Upload
CVE-2023-51473 CRITICAL, CVSS 10.0: Pixelemu TerraClassifieds - Unrestricted Upload
CVE-2023-51468 CRITICAL, CVSS 10.0: Rencontre - Dating Site <3.10.1 - Unrestricted Upload
CVE-2023-51421 CRITICAL, CVSS 9.9: Verge3D Publishing and E-Commerce <= 4.5.2 - Unrestricted Upload of File with Dangerous Type
CVE-2023-51419 CRITICAL, CVSS 10.0: Bertha.Ai <1.11.10.7 - Unrestricted Upload of File with Dangerous Type
CVE-2023-51417 CRITICAL, CVSS 9.9: Joris van Montfort JVM Gutenberg Rich Text Icons <= 1.2.3 - Unrestricted Upload of File with Dangerous Type
CVE-2023-51412 CRITICAL, CVSS 9.0: Piotnet Forms <1.0.25 - File Injection
CVE-2023-51411 CRITICAL, CVSS 10.0: Frontend Admin by DynamiApps <= 3.18.3 - Unauthenticated Arbitrary File Upload
CVE-2023-51410 CRITICAL, CVSS 9.9: WPVibes WP Mail Log <1.1.2 - Unrestricted Upload
CVE-2023-7159 MEDIUM, CVSS 4.7: MasterLab < 3.3.10 - Unrestricted File Upload via Avatar Parameter in User Admin Function
CVE-2023-7150 MEDIUM, CVSS 4.7: Campcodes Chic Beauty Salon 20230703 - Unrestricted File Upload via Product Handler
CVE-2023-7147 MEDIUM, CVSS 6.3: masterlab < 3.3.10 - Unrestricted File Upload via base64ImageContent
CVE-2023-50104 CRITICAL, CVSS 9.8: ZZCMS 2023 - Unrestricted File Upload in E_bak5.1 Upload Endpoint
CVE-2023-50038 HIGH, CVSS 8.8: textpattern 4.8.8 - Unrestricted Upload of File with Dangerous Type
CVE-2023-50692 HIGH, CVSS 8.8: jizhicms 2.5 - Remote Code Execution via File Upload in Download URL Parameter
CVE-2023-5931 HIGH, CVSS 8.8: rtMedia < 4.6.16 - Authenticated Arbitrary File Upload
CVE-2023-5673 HIGH, CVSS 8.8: WP Mail Log < 1.1.3 - Unrestricted PHP File Upload and Remote Code Execution
CVE-2023-52086 HIGH, CVSS 8.1: resumable.php <3c6dbf5 - File Upload
CVE-2023-7091 MEDIUM, CVSS 6.3: Dreamer CMS 4.1.3 - Unrestricted File Upload via /upload/uploadFile Endpoint
CVE-2023-51034 CRITICAL, CVSS 9.8: TOTOlink EX1200L V9.3.5u.6146_B20201023 - Command Injection