CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2023-3504 MEDIUM
SmartWeb Infotech Job Board 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2023-3503 MEDIUM
SourceCodester Shopping Website 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2023-3491 HIGH
fossbilling < 0.5.3 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2023-32621 HIGH
WL-WN531AX2 Firmware < 2023526 - Authenticated Arbitrary File Upload and OS Command Execution
CVSS 7.2
CVE-2023-34738 CRITICAL
chemex < 3.7.1 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2023-34736 HIGH
Guantang Equipment Management System 4.12 - Arbitrary File Upload
CVSS 7.2
CVE-2023-32526 MEDIUM
Trend Micro Mobile Security (Enterprise) 9.8 SP5 - Arbitrary File Write via Widget Vulnerability
CVSS 6.5
CVE-2023-32525 MEDIUM
Trend Micro Mobile Security (Enterprise) 9.8 SP5 - Arbitrary File Write via Widget Vulnerability
CVSS 6.5
CVE-2023-33404 CRITICAL
BlogEngine.NET < 3.3.8.0 - Remote Code Execution via Insufficient Upload Validation
CVSS 9.8
CVE-2023-36630 HIGH
CloudPanel <2.3.1 - Privilege Escalation/Authentication Bypass
CVSS 8.8
CVE-2023-1721 CRITICAL
Yoga Class Registration System <1.0 - Command Injection
CVSS 9.1
CVE-2023-27083 HIGH
Pluck CMS 4.7.15-4.7.16-dev5 - Authenticated Remote Code Execution via File Upload
CVSS 7.2
CVE-2023-36097 CRITICAL
funadmin <3.3.3 - Insecure File Upload
CVSS 9.8
CVE-2023-35808 HIGH
SugarCRM 11.0.0-11.0.5 12.0.0-12.0.2 - Authenticated Unrestricted File Upload in Notes Module
CVSS 8.8
CVE-2023-3295 HIGH
Unlimited Elements For Elementor <= 1.5.66 - Authenticated Arbitrary File Upload via File Manager
CVSS 8.8
CVE-2023-34660 MEDIUM
jeecg-boot V3.5.0 - Unauthenticated Arbitrary File Upload via jmreport Upload Interface
CVSS 6.5
CVE-2023-34845 MEDIUM
Bludit 3.14.1 - Arbitrary File Upload via SVG File in /admin/new-content
CVSS 5.4
CVE-2023-32753 CRITICAL
OMICARD EDM - Unauthenticated Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2023-32752 CRITICAL
L7 Networks InstantScan IS-8000 and InstantQoS IQ-8000 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2023-34833 MEDIUM
ThinkAdmin v6 - Unauthenticated Arbitrary File Upload via /api/upload.php
CVSS 6.1
CVE-2023-3274 MEDIUM
Supplier Management System 1.0 - Unrestricted File Upload via Picture Handler
CVSS 6.3
CVE-2023-34747 CRITICAL
ujcms 6.0.2 - Unauthenticated Unrestricted File Upload via Web File Upload Endpoint
CVSS 9.8
CVE-2023-34944 CRITICAL
Chamilo 1.11.0-1.11.18 - Arbitrary File Upload and Remote Code Execution via SVG File
CVSS 9.8
CVE-2023-31541 CRITICAL
CKEditor v1.2.3 - Unrestricted File Upload via Browse and Upload Images Feature
CVSS 9.8
CVE-2023-3049 CRITICAL
TMT Lockcell <15 - Command Injection
CVSS 9.8