CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2023-20073 MEDIUM
Cisco RV340, RV340W, RV345, and RV345P Firmware < 1.0.03.29 - Unauthenticated Arbitrary File Upload
CVSS 5.3
CVE-2023-26857 HIGH
Dynamic Transaction Queuing System v1.0 - RCE
CVSS 7.2
CVE-2023-0265 HIGH
uvdesk community-skeleton 1.1.1 - Authenticated Remote Code Execution via Profile Picture Upload
CVSS 8.8
CVE-2023-26775 HIGH
Monitorr 1.7.6 - Remote Code Execution via File Upload to upload.php
CVSS 7.8
CVE-2023-1826 MEDIUM
SourceCodester Online Computer and Laptop Store 1.0 - Unrestricted ...
CVSS 6.3
CVE-2023-1728 CRITICAL
Fernus Informatics LMS <23.04.03 - Code Injection
CVSS 9.8
CVE-2023-1800 HIGH
sjqzhang go-fastdfs <1.4.3 - Path Traversal
CVSS 7.3
CVE-2023-1797 MEDIUM
OTCMS 6.0.1 - Unrestricted Upload of File with Dangerous Type via sysCheckFile.php
CVSS 6.3
CVE-2023-26830 HIGH
Gladinet CentreStack <13.5.9808 - RCE
CVSS 7.2
CVE-2023-1744 MEDIUM
ibos < 4.5.5 - Unrestricted File Upload via htaccess Handler
CVSS 6.3
CVE-2023-1739 MEDIUM
SourceCodester Simple and Beautiful Shopping Cart System 1.0 - Unre...
CVSS 6.3
CVE-2023-28833 LOW
Nextcloud <24.0.10, <25.0.4 - Info Disclosure
CVSS 2.4
CVE-2023-1734 HIGH
SourceCodester Young Entrepreneur E-Negosyo System 1.0 - Unrestrict...
CVSS 7.3
CVE-2023-28731 CRITICAL
AcyMailing Joomla Plugin < 8.3.0 - Unauthenticated File Upload Code Execution
CVSS 9.8
CVE-2023-26968 CRITICAL
Atrocore 1.5.25 - Unauthenticated File Upload
CVSS 9.8
CVE-2023-1684 MEDIUM
HadSky 7.7.16 - Unrestricted Upload
CVSS 4.7
CVE-2023-27246 HIGH
mk-auth < 23.01k4.9 - Arbitrary File Upload and Remote Code Execution via .htaccess File
CVSS 8.8
CVE-2023-28652 MEDIUM
Sauter-controls ey-as525f001_firmware - Denial-of-Service via Malicious Image Upload
CVSS 6.5
CVE-2023-25828 HIGH
Pluck CMS < 4.7.16 - Authenticated Remote Code Execution via Crafted JPEG Upload in Albums Module
CVSS 7.2
CVE-2023-25909 CRITICAL
HGiga OAKlouds Portal 2.0-2.0-10 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2023-25655 CRITICAL
baserCMS < 4.7.5 - Unauthenticated Unrestricted File Upload
CVSS 9.8
CVE-2023-25654 CRITICAL
baserCMS < 4.7.5 - Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2023-23707 MEDIUM
Embed Any Document <= 2.7.1 - Stored XSS via SVG/HTML Upload
CVSS 5.9
CVE-2023-1561 MEDIUM
Simple Online Hotel Reservation System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2023-1559 MEDIUM
SourceCodester Storage Unit Rental Management System 1.0 - Unrestri...
CVSS 4.7