CWE-434: Unrestricted Upload of File with Dangerous Type

Exploit likelihood: Medium

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,128 vulnerabilities with CWE-434
CVE-2023-5795 MEDIUM
CodeAstro POS System 1.0 - Unrestricted File Upload via Profile Picture Handler
CVSS 6.3
CVE-2023-5790 MEDIUM
File Manager App 1.0 - Unrestricted File Upload via add-file.php Endpoint
CVSS 6.3
CVE-2023-45555 HIGH
zzzcms 2.1.9 - Remote Code Execution via File Upload in down_url Function
CVSS 7.8
CVE-2023-45554 CRITICAL
zzzcms 2.1.9 - Unauthenticated Arbitrary File Upload via imageext Parameter Manipulation
CVSS 9.8
CVE-2023-26578 HIGH
IDAttend's IDWeb < 3.1.013 - Command Injection
CVSS 8.8
CVE-2023-5524 HIGH
M-Files Web Companion < 23.10 and < 23.8 LTS SR1 - Remote Code Execution via Insufficient File Type Blacklisting
CVSS 8.2
CVE-2023-45384 CRITICAL
KnowBand supercheckout 5.0.7-6.0.7 - Unauthenticated Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2023-37502 CRITICAL
HCL Compass 2.0.0-2.0.2 - Unrestricted Upload of File with Dangerous Type
CVSS 9.0
CVE-2023-46004 HIGH
Sourcecodester Best Courier Management System 1.0 - File Upload
CVSS 7.2
CVE-2023-41631 HIGH
esst_monitoring < 2.147.1 - Remote Code Execution via File Upload
CVSS 8.8
CVE-2023-45952 CRITICAL
lylme_spage 1.7.0 - Arbitrary File Upload via ajax_link.php
CVSS 9.8
CVE-2023-44824 HIGH
Expense Management System 1.0 - Unauthenticated Arbitrary Code Execution via sign-up.php File Upload
CVSS 7.8
CVE-2023-34207 CRITICAL
EasyUse MailHunter Ultimate < 2023 - Authenticated Arbitrary Command Execution via Crafted ZIP Archive
CVSS 9.9
CVE-2023-35018 LOW
IBM Security Verify Governance 10.0 - Authenticated Arbitrary File Upload
CVSS 3.3
CVE-2023-45856 CRITICAL
qdPM 9.2 - Remote Code Execution via Unrestricted PHP File Upload
CVSS 9.8
CVE-2023-44962 MEDIUM
Koha Library Software < 23.05.04 - Arbitrary File Read via Cover Image Upload
CVSS 5.3
CVE-2023-5493 MEDIUM
Byzoro Smart S45F Multi-Service Secure Gateway < 20230928 - Unrestricted File Upload via file_upload
CVSS 6.3
CVE-2023-5492 MEDIUM
Byzoro Smart S45F < 20230928 - Unrestricted File Upload via /sysmanage/licence.php
CVSS 6.3
CVE-2023-5491 MEDIUM
Byzoro Smart S45F Multi-Service Secure Gateway < 20230928 - Unrestricted File Upload
CVSS 6.3
CVE-2023-5490 MEDIUM
Byzoro Smart S45F Multi-Service Secure Gateway < 20230928 - Unrestricted File Upload via userattestation.php
CVSS 6.3
CVE-2023-5489 MEDIUM
Byzoro Smart S45F Multi-Service Secure Gateway < 20230928 - Unrestricted File Upload
CVSS 6.3
CVE-2023-5488 MEDIUM
Byzoro Smart S45F Multi-Service Secure Gateway < 20230928 - Unrestricted File Upload
CVSS 6.3
CVE-2023-44763 MEDIUM
Concrete CMS 9.2.1 - Arbitrary File Upload and Cross-Site Scripting via Thumbnail File Upload
CVSS 5.4
CVE-2023-43696 HIGH
SICK APU0200 Firmware < 4.0.0.6 - Unauthenticated Arbitrary File Read and Write via FTP Server
CVSS 8.2
CVE-2023-45353 HIGH
Atos Unify OpenScape Common Management Portal V10 < R4.17.0 & V10 R5.1.0 - Authenticated RCE via File Upload
CVSS 8.8