CWE-434

Exploit likelihood: Medium

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,130 vulnerabilities with CWE-434
CVE-2022-44276 [CRITICAL, CVSS 9.8]: Responsive Filemanager < 9.12.0 - Auth Bypass
CVE-2022-33166 [HIGH, CVSS 7.2]: IBM Security Directory Suite VA <8.0.1.19 - Privilege Escalation
CVE-2022-4949 [HIGH, CVSS 8.8]: AdSanity < 1.8.2 - Authenticated Arbitrary File Upload via ajax_upload Function
CVE-2022-47878 [HIGH, CVSS 8.8]: Jedox <= 22.2 - Authenticated Remote Code Execution via Default Storage Path Misconfiguration
CVE-2022-45802 [CRITICAL, CVSS 9.8]: Apache StreamPark < 2.0.0 - Unauthenticated Unrestricted Upload of File with Dangerous Type
CVE-2022-25277 [HIGH, CVSS 7.2]: Drupal 8.0.0-9.3.18 - Unrestricted Upload of File with Dangerous Type via .htaccess Extension Bypass
CVE-2022-36769 [HIGH, CVSS 7.2]: IBM Cloud Pak for Data 4.5-4.6 - Unrestricted Upload of File with Dangerous Type
CVE-2022-34128 [CRITICAL, CVSS 9.8]: GLPI Cartography Plugin <6.0.1 - Remote Code Execution via front/upload.php
CVE-2022-47191 [MEDIUM, CVSS 4.3]: Generex UPS CS141 <2.06 - Privilege Escalation
CVE-2022-47190 [CRITICAL, CVSS 10.0]: Generex CS141 Firmware < 2.06 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Firmware Update
CVE-2022-3682 [CRITICAL, CVSS 9.9]: HitachiEnergy SDM600 < 1.3.0.1339 - Arbitrary Code Execution via Crafted Message Upload
CVE-2022-39983 [CRITICAL, CVSS 9.8]: Instantdeveloper Rd3 - Unrestricted File Upload
CVE-2022-41217 [CRITICAL, CVSS 9.8]: Cloudflow - Unauthenticated File Upload
CVE-2022-2883 [HIGH, CVSS 7.5]: Octopus Server < 2022.3.11043 - Denial of Service via Zipbomb Upload
CVE-2022-45527 [CRITICAL, CVSS 9.8]: Future-Depth Institutional Management Website 1.0 - Unauthenticated Arbitrary File Upload in Course Image Directory
CVE-2022-48079 [CRITICAL, CVSS 9.8]: aaPanel Host System 1.5 - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVE-2022-46604 [HIGH, CVSS 8.8]: Tecrail Responsive FileManager <9.9.5 - Code Injection
CVE-2022-42971 [CRITICAL, CVSS 9.8]: Schneider Electric APC Easy UPS Online Monitoring Software < 2.5-GA-01-22320 - RCE via JSP Upload
CVE-2022-47769 [CRITICAL, CVSS 9.8]: Serenissima Informatica Fast Checkin 1.0 - Unauthenticated Arbitrary File Write via Web Root Upload
CVE-2022-47854 [CRITICAL, CVSS 9.8]: i-librarian 4.10 - Arbitrary File Upload via ajaxsupplement.php
CVE-2022-48006 [CRITICAL, CVSS 9.8]: taocms 3.0.2 - Arbitrary File Upload and Remote Code Execution via upext Variable
CVE-2022-43979 [MEDIUM, CVSS 5.9]: Pandora FMS < 766 - Path Traversal and Local File Inclusion via Insufficient Path Validation
CVE-2022-48008 [CRITICAL, CVSS 9.8]: LimeSurvey 5.4.15 - Arbitrary File Upload and Remote Code Execution via Plugin Manager
CVE-2022-47615 [CRITICAL, CVSS 9.3]: LearnPress - WordPress LMS Plugin <= 4.1.7.3.2 - Local File Inclusion
CVE-2022-47042 [HIGH, CVSS 8.8]: MCMS < 5.2.11 - Arbitrary File Write via ms/template/writeFileContent.do