CWE-434
Unrestricted Upload of File with Dangerous Type
Medium likelihood
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,123 vulnerabilities with CWE-434
CVE-2023-5965
MEDIUM
EspoCRM < 7.5.2 - Authenticated Remote Code Execution via Zip Upload in Update Form
CVSS 4.7
CVE-2023-49052
HIGH
Microweber 2.0.4 - Unauthenticated Arbitrary File Upload via Created Forms Component
CVSS 8.8
CVE-2023-4226
HIGH
Chamilo LMS <= 1.11.24 - Authenticated Remote Code Execution via PHP File Upload
CVSS 8.8
CVE-2023-4225
HIGH
Chamilo LMS <= 1.11.24 - Authenticated Remote Code Execution via Unrestricted PHP File Upload
CVSS 8.8
CVE-2023-4224
HIGH
Chamilo LMS <= 1.11.24 - Authenticated Remote Code Execution via PHP File Upload
CVSS 8.8
CVE-2023-4223
HIGH
Chamilo LMS <= 1.11.24 - Authenticated Remote Code Execution via PHP File Upload
CVSS 8.8
CVE-2023-4220
HIGH
Chamilo v1.11.24 Unrestricted File Upload PHP Webshell
CVSS 8.1
CVE-2023-6219
HIGH
BookingPress < 1.0.76 - Authenticated Arbitrary File Upload via bookingpress_process_upload Function
CVSS 7.2
CVE-2023-29770
HIGH
Sentrifugo 3.5 - Authenticated Unrestricted File Upload via AssetsController
CVSS 8.8
CVE-2023-5604
CRITICAL
Asgaros Forum < 2.7.1 - Unauthenticated Dangerous File Upload via Insecure Configuration
CVSS 9.8
CVE-2023-41998
CRITICAL
Arcserve UDP < 9.2 - Unauthenticated Arbitrary File Upload and Remote Code Execution via RPSService4CPMImpl Interface
CVSS 9.8
CVE-2023-6308
MEDIUM
Xiamen Four-Faith Video Surveillance Management System 2016/2017 - Unrestricted File Upload via Apache Struts
CVSS 6.3
CVE-2023-6274
MEDIUM
Byzoro Smart S80 <20231108 - Unrestricted Upload
CVSS 6.3
CVE-2023-41812
MEDIUM
Pandora FMS 700-773 - Unrestricted Upload of File with Dangerous Type via File Manager
CVSS 5.7
CVE-2023-41788
HIGH
Pandora FMS 700-773 - Unauthenticated Remote Code Execution via PHP File Upload
CVSS 7.6
CVE-2023-5822
HIGH
Contact Form 7 < 1.3.7.3 - Unauthenticated Arbitrary File Upload via Insufficient File Type Validation
CVSS 8.1
CVE-2023-6187
HIGH
Paid Memberships Pro <2.12.3 - Code Injection
CVSS 7.5
CVE-2023-39548
HIGH
EXPRESSCLUSTER X <= 5.1 - Authenticated Remote Code Execution
CVSS 8.8
CVE-2023-48031
CRITICAL
OpenSupports 4.11.0 - Unrestricted Upload of File with Dangerous Type via Comment Function
CVSS 9.8
CVE-2023-6133
MEDIUM
Forminator < 1.27.0 - Authenticated Arbitrary File Upload via Insufficient MIME Type Blacklist
CVSS 6.6
CVE-2023-48217
HIGH
Statamic < 3.4.14 and 4.0.0-4.34.0 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2023-6127
MEDIUM
SuiteCRM < 7.12.14 - Unrestricted Upload of File with Dangerous Type
CVSS 5.4
CVE-2023-47621
HIGH
duncanmcclean/guest_entries < 3.1.3 - Authenticated Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2023-6102
MEDIUM
Maiwei Safety Production Control Platform 4.1 - Unrestricted Upload
CVSS 5.3
CVE-2023-47129
HIGH
Statamic < 3.4.13 and 4.0.0-4.33.0 - Unrestricted Upload of File with Dangerous Type via Front-End Forms
CVSS 8.3
Details
Vulnerabilities: 4,123
Exploit Likelihood: Medium