CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2023-30266 HIGH
cltphp <=6.0 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2023-26098 HIGH
Telindus Apsal <3.14.2022.235 - RCE
CVSS 8.2
CVE-2023-30613 HIGH
Kiwi TCMS < 12.2 - Unrestricted Upload of Dangerous File Types
CVSS 8.1
CVE-2023-1731 HIGH
Meinbergs LTOS <V7.06.013 - Command Injection
CVSS 7.2
CVE-2023-25132 CRITICAL
PowerPanel Business < 4.8.6 - Unauthenticated Arbitrary File Upload in default.cmd
CVSS 9.1
CVE-2023-2246 MEDIUM
Online Pizza Ordering System 1.0 - Unrestricted File Upload via admin/ajax.php img Parameter
CVSS 6.3
CVE-2023-2245 MEDIUM
hansunCMS 1.4.3 - Unrestricted File Upload via /ueditor/net/controller.ashx
CVSS 6.3
CVE-2023-28962 MEDIUM
Juniper Networks Junos OS <19.4R3-S11, <20.1R1, <20.2R3-S7, <20.3R1...
CVSS 5.3
CVE-2023-27755 HIGH
go-bbs v1 - Arbitrary File Download via /api/v1/download Endpoint
CVSS 8.8
CVE-2023-29627 HIGH
Online Pizza Ordering 1.0 - Arbitrary File Upload and Remote Code Execution
CVSS 8.8
CVE-2023-29625 HIGH
Employee Performance Evaluation System 1.0 - Unrestricted File Upload and Remote Code Execution
CVSS 8.8
CVE-2023-29621 HIGH
Purchase Order Management 1.0 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2023-2034 HIGH
froxlor < 2.0.14 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2023-26852 HIGH
Textpattern < 4.8.8 - Arbitrary File Upload via Upload Plugin
CVSS 7.2
CVE-2023-27179 HIGH
GDidees CMS <3.9.1 - Info Disclosure
CVSS 7.5
CVE-2023-27178 CRITICAL
GDidees CMS 3.9.1 - Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2023-1970 MEDIUM
yuan1994 tpAdmin 1.3.12 - Unrestricted Upload
CVSS 6.3
CVE-2023-29375 CRITICAL
Progress Sitefinity <14.3.8025 - File Upload
CVSS 9.8
CVE-2023-1406 HIGH
WordPress JetEngine <3.1.3.1 - Remote Code Execution via Executable Upload
CVSS 8.8
CVE-2023-27602 CRITICAL
Apache Linkis <=1.3.1 - Unrestricted File Upload in PublicService Module
CVSS 9.8
CVE-2023-27033 CRITICAL
Prestashop cdesigner <3.1.8 - Code Injection
CVSS 9.8
CVE-2023-1942 MEDIUM
SourceCodester Online Computer and Laptop Store 1.0 - Unrestricted ...
CVSS 6.3
CVE-2023-24720 CRITICAL
readium-js 0.32.0 - Arbitrary File Upload via Crafted EPUB File
CVSS 9.8
CVE-2023-0670 HIGH
ulearn a5a7ca20de859051ea0470542844980a66dfc05d - Authenticated Remote Code Execution via Image Upload
CVSS 7.2
CVE-2023-20134 MEDIUM
Cisco Webex Meetings - Authenticated Stored Cross-Site Scripting and Arbitrary File Upload
CVSS 5.4