CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,123 vulnerabilities with CWE-434
CVE ID         | Severity | CVSS | Description
CVE-2023-42659 | CRITICAL | 9.1  | WS_FTP Server < 8.7.6 and 8.8.4 - Authenticated Unrestricted File Upload via API Call
CVE-2023-33480 | HIGH     | 8.8  | RemoteClinic 2.0 - Privilege Escalation
CVE-2023-5601  | CRITICAL | 9.8  | WooCommerce Ninja Forms Product Add-ons < 1.7.1 - Unauthenticated Arbitrary File Upload leading to Remote Code Execution
CVE-2023-41725 | HIGH     | 7.8  | Ivanti Avalanche < 6.4.1.236 - Unrestricted File Upload and Local Privilege Escalation
CVE-2023-41357 | HIGH     | 8.8  | Galaxy Software Vitals ESP 6.1 - Authenticated Arbitrary File Upload
CVE-2023-5919  | MEDIUM   | 4.7  | Company Website CMS 1.0 - Unrestricted File Upload via Create Blog Page
CVE-2023-42802 | CRITICAL | 10.0 | GLPI 10.0.7-10.0.9 - Unrestricted Upload of File with Dangerous Type via Unverified Object Instantiation
CVE-2023-5860  | HIGH     | 7.2  | Icons Font Loader <= 1.1.2 - Authenticated Arbitrary File Upload via Missing File Type Validation
CVE-2023-46428 | HIGH     | 8.8  | HadSky 7.12.10 - Arbitrary File Upload and Remote Code Execution
CVE-2023-20196 | MEDIUM   | 4.7  | Cisco Identity Services Engine - Authenticated Arbitrary File Upload via Web-Based Management Interface
CVE-2023-20195 | MEDIUM   | 4.7  | Cisco Identity Services Engine - Authenticated Arbitrary File Upload via Web Management Interface
CVE-2023-1720  | CRITICAL | 9.6  | Bitrix24 22.0.300 - Authenticated Arbitrary File Upload via file.ajax.php
CVE-2023-1713  | HIGH     | 8.8  | Bitrix24 22.0.300 - Authenticated Remote Code Execution via .htaccess File Upload
CVE-2023-40050 | CRITICAL | 9.9  | Chef Automate <= 4.10.29 - Remote Code Execution via InSpec Check Command
CVE-2023-5360  | CRITICAL | 9.8  | WordPress Royal Elementor Addons RCE
CVE-2023-42803 | MEDIUM   | 5.3  | BigBlueButton < 2.6.0-beta.2 - Unrestricted File Upload via insertDocument API
CVE-2023-5829  | MEDIUM   | 6.3  | Admission Management System 1.0 - Unrestricted File Upload via student_avatar.php
CVE-2023-46815 | HIGH     | 8.8  | SugarCRM <12.0.4-13.0.2 - Unrestricted File Upload
CVE-2023-5812  | MEDIUM   | 4.7  | flusity CMS - Unrestricted Upload of File with Dangerous Type via uploaded_file Argument
CVE-2023-5796  | MEDIUM   | 6.3  | CodeAstro POS System 1.0 - Unrestricted File Upload via Logo Handler
CVE-2023-5795  | MEDIUM   | 6.3  | CodeAstro POS System 1.0 - Unrestricted File Upload via Profile Picture Handler
CVE-2023-5790  | MEDIUM   | 6.3  | File Manager App 1.0 - Unrestricted File Upload via add-file.php Endpoint
CVE-2023-45555 | HIGH     | 7.8  | zzzcms 2.1.9 - Remote Code Execution via File Upload in down_url Function
CVE-2023-45554 | CRITICAL | 9.8  | zzzcms 2.1.9 - Unauthenticated Arbitrary File Upload via imageext Parameter Manipulation
CVE-2023-26578 | HIGH     | 8.8  | IDAttend's IDWeb <3.1.013 - Command Injection