CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. The common instance, and the one behind most of the entries listed below, is a web application that stores a client-supplied file under its original name in a web-served directory; a file with a server-side script extension (for example .php or .jsp) is then executed on the next request for it, which is why so many of these CVEs are titled as arbitrary file upload or remote code execution.

4,123 vulnerabilities with CWE-434
CVE-2023-6902 MEDIUM
codelyfe stupid_simple_cms < 1.2.4 - Unauthenticated Unrestricted File Upload via /file-manager/upload.php
CVSS 5.5
CVE-2023-6887 MEDIUM
ForestBlog < 2022-06-30 - Unrestricted File Upload via Image Upload Handler
CVSS 6.3
CVE-2023-6850 MEDIUM
KodExplorer < 4.52.01 - Unrestricted File Upload via API Endpoint Handler
CVSS 6.3
CVE-2023-48394 HIGH
Kaifa WebITR Attendance System - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2023-6827 HIGH
Essential Real Estate < 4.3.5 - Authenticated Arbitrary File Upload via ajaxUploadFonts Function
CVSS 7.5
CVE-2023-6826 HIGH
E2Pdf < 1.20.25 - Authenticated Arbitrary File Upload via Import Action
CVSS 7.2
CVE-2023-48376 CRITICAL
SmartStar Software CWS - Unauthenticated Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2023-48371 CRITICAL
ITPison OMICARD EDM - Unauthenticated Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2023-50564 HIGH
Pluck-CMS 4.7.18 - Arbitrary File Upload via ZIP File in Modules Install
CVSS 8.8
CVE-2023-6794 MEDIUM
PAN-OS 8.1.0-8.1.25 - Authenticated Arbitrary File Upload
CVSS 5.5
CVE-2023-6723 CRITICAL
europeana/repox - Unrestricted Upload of File with Dangerous Type via transformationfileupload Function
CVSS 10.0
CVE-2023-4122 CRITICAL
Student Information System 1.0 - Authenticated Remote Code Execution via Insecure File Upload
CVSS 9.9
CVE-2023-6576 MEDIUM
Byzoro S210 <20231123 - Unrestricted Upload
CVSS 6.3
CVE-2023-6574 MEDIUM
Byzoro Smart S20 <20231120 - Unrestricted Upload
CVSS 6.3
CVE-2023-39539 HIGH
AMI AptioV - Unrestricted Upload of Dangerous File Type via PNG Logo
CVSS 7.5
CVE-2023-39538 HIGH
AMI AptioV - Unrestricted Upload of BMP Logo File via Local Access
CVSS 7.5
CVE-2023-48930 CRITICAL
xinhu 2.2.1 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2023-40460 HIGH
ALEOS < 4.16.0 - Authenticated Unrestricted File Upload in ACEManager
CVSS 7.1
CVE-2023-5953 HIGH
Welcart e-Commerce < 2.9.5 - Authenticated Arbitrary File Upload via Unvalidated AJAX Action
CVSS 8.8
CVE-2023-48966 HIGH
ThinkAdmin v6.1.53 - Arbitrary File Upload via Zip File
CVSS 8.8
CVE-2023-48965 HIGH
ThinkAdmin v6.1.53 - Unrestricted Upload of File with Dangerous Type via /admin/api.plugs/script
CVSS 8.8
CVE-2023-5637 HIGH
ArslanSoft Education Portal < v1.1 - Unrestricted Upload of File with Dangerous Type
CVSS 7.5
CVE-2023-5636 CRITICAL
ArslanSoft Education Portal < v1.1 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2023-6449 MEDIUM
Contact Form 7 <5.8.3 - File Upload
CVSS 6.6
CVE-2023-5966 MEDIUM
EspoCRM < 7.5.2 - Authenticated Arbitrary PHP Code Execution via Extension Deployment Form
CVSS 4.7