CWE-434: Unrestricted Upload of File with Dangerous Type

Exploit likelihood: Medium

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,128 vulnerabilities with CWE-434
CVE-2023-5147 (MEDIUM, CVSS 6.3): D-Link DAR-7000 <20151231 - Unrestricted Upload
CVE-2023-5146 (MEDIUM, CVSS 6.3): D-Link DAR-7000/DAR-8000 <20151231 - Unrestricted Upload
CVE-2023-5145 (MEDIUM, CVSS 6.3): D-Link DAR-7000 <20151231 - Unrestricted Upload
CVE-2023-5144 (MEDIUM, CVSS 6.3): D-Link DAR-7000/DAR-8000 <= 20151231 - Unrestricted Upload
CVE-2023-40183 (HIGH, CVSS 7.5): DataEase < 1.18.11 - Unrestricted Upload of File with Dangerous Type via ImageIO.read() Bypass
CVE-2023-42335 (HIGH, CVSS 8.8): fl3xx Crew and Dispatch 2.10.37 - Unrestricted File Upload via New Expense Attachment
CVE-2023-42331 (HIGH, CVSS 8.8): EliteCMS 1.01 - Remote Code Execution via Unrestricted File Upload in manage_uploads.php
CVE-2023-43497 (HIGH, CVSS 8.1): Jenkins < 2.414.2 and 2.423 - Unrestricted Upload of File with Dangerous Type via Stapler Web Framework
CVE-2023-43478 (HIGH, CVSS 8.8): Telstra Smart Modem Gen 2 (Arcadyan LH1000) < 0.18.15r - Unauthenticated Firmware Upload
CVE-2023-41902 (HIGH, CVSS 7.8): CoreCode MacUpdater < 2.3.8 and 3.x < 3.1.2 - Privilege Escalation via Malicious .pkg File
CVE-2023-43619 (HIGH, CVSS 7.8): schollz/croc < 9.6.5 - Unrestricted Upload of File with Dangerous Type
CVE-2023-38887 (HIGH, CVSS 8.8): Dolibarr ERP CRM < 17.0.1 - Unauthenticated Arbitrary File Upload via Extension Filtering Bypass
CVE-2023-36319 (HIGH, CVSS 8.8): Openupload 0.4.3 - Remote Code Execution via Compress Action Parameter
CVE-2023-5034 (MEDIUM, CVSS 6.3): SourceCodester My Food Recipe 1.0 - Unrestricted Upload of File with Dangerous Type in Image Upload Handler
CVE-2023-41626 (MEDIUM, CVSS 4.8): Gradio 3.27.0 - Arbitrary File Upload via Upload Interface
CVE-2023-4988 (MEDIUM, CVSS 6.3): Bettershop LaikeTui - Unrestricted File Upload via imgFile Parameter in index.php
CVE-2023-42180 (HIGH, CVSS 8.8): lenosp 1.0-1.2.0 - Arbitrary File Upload via /user/upload Component
CVE-2023-30962 (MEDIUM, CVSS 6.8): Gotham Cerberus < 100.230704.0-27-g031dd58 - Stored Cross-Site Scripting
CVE-2023-40784 (CRITICAL, CVSS 9.8): dedecms 5.7.102 - Unrestricted Upload of File with Dangerous Type via module_make.php
CVE-2023-2071 (CRITICAL, CVSS 9.8): Rockwell Automation FactoryTalk View < 13.0 - Unauthenticated Remote Code Execution via CIP Class Library Upload
CVE-2023-40731 (MEDIUM, CVSS 5.7): QMS Automotive <V12.39 - Code Injection
CVE-2023-42472 (HIGH, CVSS 8.7): SAP BusinessObjects BI Platform 420 - Authenticated Arbitrary File Upload via Web Intelligence HTML Interface
CVE-2023-41564 (MEDIUM, CVSS 6.1): Cockpit CMS 2.6.3 - Arbitrary File Upload via Asset Upload Function
CVE-2023-39424 (CRITICAL, CVSS 9.9): ResortData IRM Next Gen - Authenticated Arbitrary File Upload & RCE via RDPngFileUpload.dll
CVE-2023-41009 (CRITICAL, CVSS 9.8): adlered bolo-solo 2.6 - Remote Code Execution via Authorization Header Script Upload