CWE-434: Unrestricted Upload of File with Dangerous Type

Exploit likelihood: Medium

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,128 vulnerabilities with CWE-434

CVE | Severity | CVSS | Title
CVE-2023-3375 | HIGH | 7.2 | Unisign Bookreen <3.0.0 - Code Injection
CVE-2023-41108 | HIGH | 8.8 | TEF portal <2023-07-17 - Authenticated RCE
CVE-2023-4739 | MEDIUM | 6.3 | Byzoro Smart S85F Firmware < 20230820 - Unrestricted File Upload via updateos.php
CVE-2023-40980 | CRITICAL | 9.8 | DWSurvey < 3.2.0 - Remote Code Execution via Unrestricted File Upload in saveimage Method
CVE-2023-41638 | HIGH | 8.8 | GruppoSCAI RealGimm <1.1.37p38 - RCE
CVE-2023-41637 | CRITICAL | 9.8 | GruppoSCAI RealGimm <1.1.37p38 - RCE
CVE-2023-4596 | CRITICAL | 9.8 | Forminator < 1.24.6 - Unauthenticated Arbitrary File Upload via upload_post_image()
CVE-2023-40825 | HIGH | 7.2 | Perfree PerfreeBlog 3.1.2 - Remote Code Execution via Plugin Upload
CVE-2023-38029 | CRITICAL | 9.8 | Saho ADM-100 and ADM-100FP Firmware - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVE-2023-4559 | MEDIUM | 6.3 | Bettershop LaikeTui - Unrestricted Upload
CVE-2023-32757 | CRITICAL | 9.8 | e-Excellence U-Office Force - Unauthenticated Unrestricted Upload of File with Dangerous Type
CVE-2023-24517 | MEDIUM | 6.4 | Pandora FMS < 767 - Unauthenticated Unrestricted Upload of File with Dangerous Type via File Manager
CVE-2023-38836 | HIGH | 8.8 | BoidCMS Command Injection
CVE-2023-4409 | MEDIUM | 6.3 | NBS&HappySoftWeChat 1.1.6 - Unrestricted Upload of File with Dangerous Type
CVE-2023-39970 | CRITICAL | 9.8 | acymailing_starter 6.7.0-8.5.0 - Remote Code Execution via Unrestricted File Upload
CVE-2023-31946 | HIGH | 7.2 | Online Travel Agency System <1.0 - RCE
CVE-2023-31941 | HIGH | 7.2 | Online Travel Agency System <1.0 - RCE
CVE-2023-39115 | CRITICAL | 9.8 | Campcodes Online Matrimonial Website System Script <3.3 - XSS
CVE-2023-38915 | CRITICAL | 9.8 | EasyAdmin8 1.0 - Remote Code Execution via File Upload
CVE-2023-28482 | MEDIUM | 6.5 | Tigergraph Enterprise 3.7.0 - Info Disclosure
CVE-2023-28480 | MEDIUM | 6.5 | Tigergraph Enterprise 3.7.0 - Privilege Escalation
CVE-2023-32564 | CRITICAL | 9.8 | Ivanti Avalanche < 6.4.1 - Unrestricted Upload of File with Dangerous Type
CVE-2023-32562 | CRITICAL | 9.8 | Ivanti Avalanche < 6.4.1 - Remote Code Execution via Unrestricted File Upload
CVE-2023-39776 | CRITICAL | 9.8 | PHPJabbers Ticket Support Script 3.2 - Remote Code Execution via File Upload
CVE-2023-4243 | HIGH | 8.8 | FULL - Customer < 2.2.3 - Authenticated Arbitrary File Upload via /install-plugin REST Route