CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2023-3800 LOW
EasyAdmin8 2.0.2.2 - Unrestricted Upload
CVSS 3.9
CVE-2023-3798 MEDIUM
Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 - Unrestricted File Upload
CVSS 5.5
CVE-2023-3797 MEDIUM
Four Mountain Torrent System <= 20230712 - Unrestricted File Upload via Filedata
CVSS 5.5
CVE-2023-3796 MEDIUM
Bug Finder Foody Friend 1.0 - Unrestricted Upload of File with Dangerous Type via Profile Picture Handler
CVSS 4.3
CVE-2023-37289 CRITICAL
InfoDoc Document On-line Submission and Approval System 22547, 22567 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2023-34394 HIGH
Keysight Geolocation Server < 2.4.2 - Unauthenticated Arbitrary File Upload and Deletion via Improper Path Validation
CVSS 7.8
CVE-2023-3722 HIGH
Avaya Aura Device Services < 8.1.4.0 - Remote Code Execution via Malicious File Upload
CVSS 8.6
CVE-2023-35189 CRITICAL
Iagona ScrutisWeb <= 2.1.37 - Unauthenticated Remote Code Execution via Malicious File Upload
CVSS 10.0
CVE-2023-38404 HIGH
Veritas InfoScale Ops Mgr <8.0.0.410 - Command Injection
CVSS 7.2
CVE-2023-3692 HIGH
admidio < 4.2.10 - Unrestricted Upload of File with Dangerous Type
CVSS 7.2
CVE-2023-30791 HIGH
Plane 0.7.1-dev - Unauthenticated Unrestricted Upload of HTML Files via Avatar Change
CVSS 7.1
CVE-2023-37839 CRITICAL
dedecms v5.7.109 - Arbitrary File Upload via file_manage_control.php
CVSS 9.8
CVE-2023-3342 CRITICAL
WordPress User Registration <3.0.2 - RCE
CVSS 9.9
CVE-2023-34136 CRITICAL
SonicWall GMS & Analytics <9.3.2-SP1 - Unauthenticated File Upload
CVSS 9.8
CVE-2023-34126 HIGH
SonicWall Analytics < 2.5.0.4-r7 and Global Management System < 9.3.2 - Authenticated Arbitrary File Upload
CVSS 8.8
CVE-2023-37629 CRITICAL
Online Piggery Management System 1.0 - Unauthenticated Arbitrary File Upload via add-pig.php
CVSS 9.8
CVE-2023-3626 MEDIUM
Istrong Mountain Flood Disaster Prevention Monitoring And Early Warning System < 20230706 - Unrestricted File Upload
CVSS 6.3
CVE-2023-3625 MEDIUM
Suncreate Mountain Flood <20230706 - Unrestricted Upload
CVSS 6.3
CVE-2023-3623 MEDIUM
Suncreate Mountain Flood <20230704 - Unrestricted Upload
CVSS 6.3
CVE-2023-37656 CRITICAL
WebsiteGuide v0.2 - Remote Code Execution via Image Upload
CVSS 9.8
CVE-2023-37152 CRITICAL
Online Art Gallery Project 1.0 - Unauthenticated Arbitrary File Upload via adminHome.php
CVSS 9.8
CVE-2023-34193 HIGH
Zimbra Collaboration ZCS 8.8.15 - Authenticated Arbitrary File Upload via ClientUploader
CVSS 8.8
CVE-2023-36969 HIGH
CMS Made Simple 2.2.17 - Authenticated Remote Code Execution via File Upload
CVSS 8.8
CVE-2023-36809 HIGH
Kiwi TCMS < 12.5 - Unrestricted Upload of File with Dangerous Type via Nginx Configuration
CVSS 8.1
CVE-2023-37208 HIGH
Firefox < 115.0 and Firefox ESR < 102.13 - Unrestricted Upload of File with Dangerous Type via Diagcab Files
CVSS 7.8