CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,128 vulnerabilities with CWE-434
CVE-2023-4186 MEDIUM
SourceCodester Pharmacy Management System 1.0 - Unrestricted File Upload via manage_website.php
CVSS 6.3
CVE-2023-39346 HIGH
LinuxASMCallGraph < 2022-02-08 - Remote Code Execution via Crafted ZIP File Upload
CVSS 8.8
CVE-2023-4159 HIGH
Omeka S < 4.0.3 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2023-38947 HIGH
WBCE CMS 1.6.1 - Arbitrary File Upload via Languages Install Endpoint
CVSS 7.2
CVE-2023-36299 HIGH
typecho 1.2.1 - Remote Code Execution via File Upload in index.php
CVSS 8.8
CVE-2023-36298 HIGH
DedeCMS v5.7.109 - Unrestricted File Upload leading to Remote Code Execution
CVSS 8.8
CVE-2023-4121 MEDIUM
Byzoro Smart S85F < 20230722 - Unrestricted File Upload via file_upload Argument
CVSS 6.3
CVE-2023-36212 HIGH
Total CMS 1.7.4 - Unauthenticated Arbitrary File Upload via Edit Page Function
CVSS 8.8
CVE-2023-38330 MEDIUM
OXID eShop EE 6.5.0-6.5.2 - HTTP Response Splitting
CVSS 5.3
CVE-2023-31428 MEDIUM
Brocade Fabric OS <9.1.1c, 9.2.0 - Info Disclosure
CVSS 5.5
CVE-2023-39147 HIGH
Uvdesk 1.1.3 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Image File
CVSS 7.8
CVE-2023-33493 CRITICAL
ajaxmanager < 2.3.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2023-32225 CRITICAL
SysAid On-Premises < 23.2.14 - Authenticated Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2023-37677 CRITICAL
Pligg CMS v2.0.2 - Remote Code Execution via admin_editor.php
CVSS 9.8
CVE-2023-34798 CRITICAL
e-office < 9.5 - Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2023-3486 HIGH
PaperCut MF and NG < 22.1.3 - Unauthenticated Arbitrary File Upload
CVSS 8.2
CVE-2023-32637 CRITICAL
GBrowse - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2023-3852 MEDIUM
OpenRapid RapidCMS <1.3.1 - Unrestricted Upload
CVSS 4.7
CVE-2023-3836 MEDIUM
Dahua Smart Park Management <20230713 - Unrestricted Upload
CVSS 6.3
CVE-2023-3806 MEDIUM
SourceCodester House Rental <1.0 - Unrestricted Upload
CVSS 6.3
CVE-2023-3804 MEDIUM
Cdwanjiang Flash Flood Disaster Monitoring And Warning System - Unrestricted File Upload
CVSS 5.5
CVE-2023-3803 LOW
Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 - In...
CVSS 2.6
CVE-2023-3802 MEDIUM
Cdwanjiang Flash Flood Disaster Monitoring And Warning System - Unrestricted File Upload
CVSS 5.5
CVE-2023-3800 LOW
EasyAdmin8 2.0.2.2 - Unrestricted Upload
CVSS 3.9
CVE-2023-3798 MEDIUM
Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 - Unrestricted File Upload
CVSS 5.5