CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE ID           Severity  CVSS  Title
CVE-2023-1558    MEDIUM    6.3   Simple and Beautiful Shopping Cart System 1.0 - Unrestricted Upload
CVE-2023-28725   CRITICAL  9.1   General Bytes Crypto App Server <20230120 - RCE
CVE-2023-1501    MEDIUM    6.3   RockOA 2.3.2 - Unrestricted Upload of File with Dangerous Type via fileid Argument
CVE-2023-1497    MEDIUM    6.3   SourceCodester Simple and Nice Shopping Cart Script 1.0 - Unrestric...
CVE-2023-1484    MEDIUM    6.3   xzjie cms <1.0.3 - Unrestricted Upload
CVE-2023-1479    MEDIUM    6.3   SourceCodester Simple Music Player 1.0 - Unrestricted Upload
CVE-2023-1442    MEDIUM    4.7   Meizhou Qingyunke QYKCMS 4.3.0 - Unrestricted Upload
CVE-2023-1433    MEDIUM    4.7   SourceCodester Gadget Works Online Ordering System 1.0 - Unrestrict...
CVE-2023-28337   HIGH      8.8   Netgear Nighthawk Wifi6 Router (RAX30) - Unrestricted Firmware Upload via Hidden forceFWUpdate Parameter
CVE-2023-1415    MEDIUM    6.3   Simple Art Gallery 1.0 - Unrestricted Upload
CVE-2023-27235   HIGH      7.2   Jizhicms 2.4.5 - Arbitrary File Upload and Remote Code Execution via PHTML File
CVE-2023-27757   CRITICAL  9.8   PerfreeBlog 3.1.1 - Arbitrary File Upload via Admin User Image Upload
CVE-2023-26262   HIGH      7.2   Sitecore Experience Manager < 10.3 - Authenticated Unrestricted File Upload
CVE-2023-1392    MEDIUM    6.3   SourceCodester Online Pizza Ordering System 1.0 - Unrestricted Upload
CVE-2023-1391    MEDIUM    4.7   SourceCodester Online Tours & Travels Management System 1.0 - Unres...
CVE-2023-0477    HIGH      8.8   Auto Featured Image (Auto Post Thumbnail) < 3.9.16 - Authenticated Arbitrary File Upload via AJAX Endpoint
CVE-2023-23328   HIGH      8.8   AvantFAX 3.3.7 - Authenticated Unrestricted PHP File Upload via FileUpload.php
CVE-2023-1328    MEDIUM    4.7   115cms 4.2 - Unrestricted File Upload via /admin/content/index
CVE-2023-27164   MEDIUM    4.8   Halo < 1.6.1 - Arbitrary File Upload via Crafted .md File
CVE-2023-1313    HIGH      8.8   Cockpit < 2.4.1 - Unrestricted Upload of File with Dangerous Type
CVE-2023-1303    MEDIUM    6.3   UCMS 1.6 - Unrestricted File Upload via sadmin/fileedit.php
CVE-2023-22890   HIGH      7.5   SmartBear Zephyr Enterprise <= 7.15.0 - Unauthenticated Denial of Service via Large File Upload
CVE-2023-26949   CRITICAL  9.8   onekeyadmin v1.3.9 - Arbitrary File Upload via /admin1/config/update
CVE-2023-1185    MEDIUM    4.7   ECshop < 4.1.8 - Unrestricted File Upload via New Product Handler
CVE-2023-1184    MEDIUM    4.7   ECshop < 4.1.8 - Unrestricted File Upload in Backup Database Handler