CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2023-33253 HIGH
LabCollector 6.0-6.15 - Authenticated Remote Code Execution via Message Function File Upload
CVSS 8.8
CVE-2023-3187 MEDIUM
PHPGurukul Teachers Record Management System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2023-27881 HIGH
PTC Vuforia Studio < 9.9 - Unauthenticated Arbitrary File Write via Upload Resource Functionality
CVSS 8.0
CVE-2023-33498 HIGH
alist <=3.16.3 - Unauthenticated Unrestricted File Upload
CVSS 8.8
CVE-2023-33601 HIGH
phpok 6.4.100 - Arbitrary File Upload via Admin Upload Endpoint
CVSS 8.8
CVE-2023-33569 HIGH
Sourcecodester Faculty Evaluation System v1.0 - RCE
CVSS 7.2
CVE-2023-32628 HIGH
Advantech WebAccess/SCADA < 9.1.3 - Remote Code Execution via Certificate File Extension Modification
CVSS 7.2
CVE-2023-22450 HIGH
Advantech WebAccess/SCADA <9.1.3 - Code Injection
CVSS 7.2
CVE-2023-29631 CRITICAL
jms_slider 1.6.0 - Unrestricted Upload of File with Dangerous Type via ajax_jmsslider.php
CVSS 9.8
CVE-2023-33386 CRITICAL
MarsCTF 1.2.1 - Arbitrary File Upload via Background Attachment Interface
CVSS 9.8
CVE-2023-3061 MEDIUM
Agro-School Management System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2023-3032 HIGH
Mobatime <6.7.22 - Unrestricted File Upload
CVSS 8.1
CVE-2023-28700 MEDIUM
OMICARD EDM - Local Privilege Escalation
CVSS 6.8
CVE-2023-28699 HIGH
Wade Graphic Design FANTSY - Code Injection
CVSS 8.8
CVE-2023-2063 MEDIUM
Mitsubishielectric Fx5-enet/ip Firmware - Unrestricted File Upload
CVSS 6.3
CVE-2023-33508 CRITICAL
KramerAV VIA GO < 4.0.1.1326 - Unauthenticated Remote Code Execution via File Upload
CVSS 9.8
CVE-2023-28353 HIGH
Faronics Insight 10.0.19045 - Unauthenticated Arbitrary File Upload
CVSS 8.8
CVE-2023-32689 MEDIUM
Parse Server < 5.4.4 - Unrestricted HTML File Upload via Public API
CVSS 6.3
CVE-2023-2924 MEDIUM
Supcon SimField < 1.80.00.00 - Unrestricted File Upload via /admin/reportupload.aspx
CVSS 4.7
CVE-2023-32686 HIGH
Kiwi TCMS < 12.3 - Unrestricted Upload of Dangerous File Types
CVSS 8.1
CVE-2023-22504 MEDIUM
Atlassian Confluence Server < 7.13.17 - Unrestricted File Upload via Attachments Feature
CVSS 6.5
CVE-2023-2888 MEDIUM
PHPOK 6.4.100 - Unrestricted Upload
CVSS 4.7
CVE-2023-29721 CRITICAL
SofaWiki <= 3.8.9 - Remote Code Execution via File Upload
CVSS 9.8
CVE-2023-28409 CRITICAL
MW WP Form < 4.4.2 - Unauthenticated Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2023-27397 CRITICAL
MicroEngine Mailform 1.1.0-1.1.8 - Unrestricted Upload of File with Dangerous Type via File Upload Function
CVSS 9.8