CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2023-25402 [HIGH, CVSS 7.5]: yf-exam 1.8.0 - Unrestricted File Upload
CVE-2023-20009 [MEDIUM, CVSS 6.5]: Cisco Secure Email Gateway/SMA - Privilege Escalation
CVE-2023-24045 [MEDIUM, CVSS 6.5]: Dataiku DSS 11.2.1 - Info Disclosure
CVE-2023-24249 [HIGH, CVSS 7.2]: laravel-admin 1.8.19 - Arbitrary File Upload and Remote Code Execution via PHP File
CVE-2023-26762 [HIGH, CVSS 8.8]: Sme.UP ERP TOKYO V6R1M220406 - File Upload
CVE-2023-24317 [HIGH, CVSS 8.1]: Judging Management System 1.0 - File Upload
CVE-2023-0943 [MEDIUM, CVSS 4.7]: Best POS Management System 1.0 - Unrestricted File Upload via Image Handler
CVE-2023-0918 [MEDIUM, CVSS 6.3]: Pharmacy Management System 1.0 - Unrestricted File Upload via Avatar Image Handler
CVE-2023-22937 [MEDIUM, CVSS 4.3]: Splunk < 8.1.13 - Improper Input Validation
CVE-2023-24530 [HIGH, CVSS 8.4]: SAP BusinessObjects Business Intelligence Platform (CMC) - 420-430 ...
CVE-2023-23851 [MEDIUM, CVSS 5.4]: SAP Business Planning and Consolidation - File Upload
CVE-2023-24646 [CRITICAL, CVSS 9.8]: Food Ordering System v2.0 - Unauthenticated Arbitrary File Upload via /fos/admin/ajax.php
CVE-2023-0255 [HIGH, CVSS 8.8]: Enable Media Replace <4.0.2 - Code Injection
CVE-2023-0783 [MEDIUM, CVSS 4.7]: EcShop 4.1.5 - Unrestricted File Upload in PHP File Handler
CVE-2023-24202 [CRITICAL, CVSS 9.8]: Raffle Draw System v1.0 - Local File Inclusion
CVE-2023-23937 [HIGH, CVSS 8.2]: pimcore < 10.5.16 - Authenticated Unrestricted Upload of File with Dangerous Type via User Profile Update
CVE-2023-0651 [MEDIUM, CVSS 6.3]: FastCMS 0.1.0 - Unrestricted File Upload in Template Management
CVE-2023-23135 [HIGH, CVSS 7.2]: Ftdms 3.1.6 - Remote Code Execution via Crafted JPG File Upload
CVE-2023-24610 [HIGH, CVSS 8.8]: NOSH 4a5cfdb - Authenticated Remote Code Execution via Practice Logo Upload
CVE-2023-0587 [CRITICAL, CVSS 9.1]: Trend Micro Apex One - Unauthenticated Arbitrary File Upload via Malformed Content-Length Header
CVE-2023-0455 [HIGH, CVSS 8.8]: bumsys < 1.0.3-beta - Unrestricted Upload of File with Dangerous Type
CVE-2023-22726 [HIGH, CVSS 8.0]: act < 0.2.40 - Path Traversal and Arbitrary File Write via Artifact Server
CVE-2023-23607 [CRITICAL, CVSS 9.8]: dasherr < 1.05.00 - Unauthenticated Arbitrary File Upload and Remote Code Execution via filesave.php
CVE-2023-20040 [MEDIUM, CVSS 5.5]: Cisco Network Services Orchestrator 3.3-5.4.6 - Authenticated Arbitrary File Write and DoS via NETCONF
CVE-2023-22851 [HIGH, CVSS 7.2]: Tiki < 24.2 - Authenticated PHP Object Injection via WordPress Blog Importer
Details
Vulnerabilities 4,130
Exploit Likelihood Medium