CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2023-0257 MEDIUM
SourceCodester Online Food Ordering System 2.0 - Unrestricted Upload
CVSS 4.7
CVE-2022-50993 CRITICAL
Weaver E-office < 10.0_20221201 Unauthenticated Arbitrary File Read via XmlRpcServlet
CVSS 9.8
CVE-2022-50939 HIGH
e107 CMS 3.2.1 - Authenticated Path Traversal and Arbitrary File Write via Media Manager Upload Caption
CVSS 7.2
CVE-2022-50936 HIGH
WBCE CMS 1.5.2 - Authenticated Remote Code Execution via Droplet Upload
CVSS 8.8
CVE-2022-50916 HIGH
e107 CMS 3.2.1 - Authenticated Arbitrary File Write via Media Manager Import URL Parameter
CVSS 7.2
CVE-2022-50912 CRITICAL
ImpressCMS 1.4.4 - Unrestricted File Upload via Weak Extension Sanitization Bypass
CVSS 9.8
CVE-2022-50907 HIGH
e107 CMS <3.2.1 - Authenticated RCE
CVSS 7.2
CVE-2022-50898 HIGH
NanoCMS 0.4 - Remote Code Execution
CVSS 8.8
CVE-2022-50893 CRITICAL
VIAVIWEB Wallpaper Admin 1.0 - Unauthenticated Remote Code Execution via Image Upload
CVSS 9.8
CVE-2022-42449 MEDIUM
HCL Domino Volt 1.0-1.1.0 - Unauthenticated Unrestricted Upload of Dangerous File Type
CVSS 4.6
CVE-2022-27562 MEDIUM
HCL Domino Volt 1.0-<1.1.1 - Unauthenticated Unrestricted Upload of Dangerous File Type
CVSS 4.6
CVE-2022-44760 MEDIUM
HCL Leap 9.0-9.3.0 - Unrestricted Upload of File with Dangerous Type
CVSS 4.6
CVE-2022-41573 CRITICAL
Ovidentia 8.3 - Unrestricted Upload of Executable Files Leading to Remote Code Execution
CVSS 9.8
CVE-2022-1206 HIGH
AdRotate Banner Manager - WordPress <5.13.2 - RCE
CVSS 7.2
CVE-2022-45171 HIGH
LIVEBOX Collaboration vDesk < 018 - Authenticated Unrestricted Upload of File with Dangerous Type via vShare
CVSS 8.8
CVE-2022-42443 LOW
IBM Trusteer Android and iOS SDK for Mobile < 5.7 - Unrestricted Upload of File with Dangerous Type
CVSS 2.2
CVE-2022-1538 HIGH
Theme Demo Import WordPress plugin < 1.1.1 - Authenticated Arbitrary File Upload
CVSS 7.2
CVE-2022-46839 CRITICAL
JS Help Desk <2.7.1 - Unrestricted Upload of File with Dangerous Type
CVSS 10.0
CVE-2022-45377 MEDIUM
Drag and Drop Multiple File Upload for WooCommerce <= 1.0.8 - Unrestricted Upload of File with Dangerous Type
CVSS 6.5
CVE-2022-22375 HIGH
IBM Security Verify Privilege On-Premises <11.5 - Command Injection
CVSS 7.2
CVE-2022-47893 CRITICAL
Riello UPS NetMan 204 Firmware - Remote Code Execution via Firmware Upload
CVSS 10.0
CVE-2022-47186 HIGH
Generex CS141 <2.06 - Unrestricted File Upload
CVSS 7.5
CVE-2022-46899 HIGH
Vocera Report Server & Voice Server <5.8 - Arbitrary File Upload
CVSS 7.5
CVE-2022-28863 HIGH
Nokia NetAct 22 - Authenticated Unrestricted Upload of File with Dangerous Type via Site Configuration Tool
CVSS 8.8
CVE-2022-40896 MEDIUM
pygments < 2.15.0 - Denial of Service via SmithyLexer ReDoS
CVSS 5.5