CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,130 vulnerabilities with CWE-434
CVE-2023-31689
CRITICAL
wcms 0.3.2 - Unauthenticated Arbitrary File Upload and Remote Code Execution via /wcms/wex/html.php
CVSS 9.8
CVE-2023-2712
CRITICAL
Rental Module < 23.05.15 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2023-30333
CRITICAL
PerfreeBlog 3.1.2 - Arbitrary File Upload and Remote Code Execution via ThemeController
CVSS 9.8
CVE-2023-2776
MEDIUM
Simple Photo Gallery 1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 6.3
CVE-2023-31903
CRITICAL
GuppY CMS 6.00.10 - Unrestricted File Upload and Remote Code Execution via PHP File Upload
CVSS 9.8
CVE-2023-31857
CRITICAL
Sourcecodester Online Computer and Laptop Store 1.0 - RCE
CVSS 9.8
CVE-2023-2738
MEDIUM
Tongda OA 11.10 - Unrestricted File Upload via GatewayController.php actionGetdata
CVSS 6.3
CVE-2023-31576
HIGH
Serendipity 2.4-beta1 - Arbitrary File Upload and Remote Code Execution
CVSS 8.8
CVE-2023-30247
CRITICAL
Oretnom23 Storage Unit Rental Management System 1.0 - Remote Code Execution via Update Settings File Upload
CVSS 9.8
CVE-2023-29657
HIGH
eXtplorer 2.1.15 - Unrestricted File Upload via ZIP Archive
CVSS 8.8
CVE-2023-2648
MEDIUM
Weaver E-Office 9.5 - Unrestricted Upload
CVSS 6.3
CVE-2023-29930
HIGH
Genesys TFTP Server - Unauthenticated Remote Code Execution via Configuration Page
CVSS 8.8
CVE-2023-28128
HIGH
Ivanti Avalanche < 6.3.4.153 - Unrestricted Upload of File with Dangerous Type
CVSS 7.2
CVE-2023-24507
HIGH
AgilePoint NX <8.0 SU2.3 - Insecure File Upload
CVSS 8.8
CVE-2023-30185
CRITICAL
crmeb 4.4.0-4.6.0 - Arbitrary File Upload via SystemAttachmentServices.php
CVSS 9.8
CVE-2023-30090
CRITICAL
Semcms Shop 4.2 - Arbitrary File Upload via SEMCMS_Upfile.php
CVSS 9.8
CVE-2023-30122
CRITICAL
Online Food Ordering System v2.0 - Unauthenticated RCE via Arbitrary File Upload
CVSS 9.8
CVE-2023-30264
CRITICAL
cltphp <=6.0 - Unrestricted Upload of File with Dangerous Type via Template Update
CVSS 9.8
CVE-2023-2523
HIGH
Weaver E-Office 9.5 - Unrestricted Upload of File with Dangerous Type via upload_quwan Parameter
CVSS 7.3
CVE-2023-0924
HIGH
ZYREX POPUP < 1.1 - Authenticated Arbitrary File Upload via Popup Creation
CVSS 7.2
CVE-2023-29635
CRITICAL
Antabot White-Jotter 0.2.2 - Remote Code Execution via File Upload
CVSS 9.8
CVE-2023-2424
MEDIUM
DedeCMS 5.7.106 - Unrestricted File Upload via UpDateMemberModCache Function
CVSS 6.3
CVE-2023-2419
MEDIUM
Zhong Bang CRMEB 4.6.0 - Unrestricted Upload of File with Dangerous Type via videoUpload Function
CVSS 4.7
CVE-2023-24269
HIGH
Textpattern 4.8.8 - Arbitrary File Upload via Plugin Zip File
CVSS 8.8
CVE-2023-29268
CRITICAL
TIBCO Spotfire Statistics Services <12.0 - File Upload
CVSS 9.8
Details
Vulnerabilities: 4,130
Exploit Likelihood: Medium