CWE-434
Medium likelihood
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,130 vulnerabilities with CWE-434
CVE-2022-40037
CRITICAL
javaweb_blog v1.0 - Unauthenticated Arbitrary File Upload via /upFile Component
CVSS 9.8
CVE-2022-40035
HIGH
blog-ssm v1.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution via /uploadFileList
CVSS 8.8
CVE-2022-3478
MEDIUM
GitLab 12.8-15.4.5, 15.5-15.5.4, 15.6 - Denial of Service via Malicious NuGet Package Upload
CVSS 4.3
CVE-2022-47766
HIGH
PopojiCMS v2.0.1 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8
CVE-2022-46660
HIGH
GE Proficy Historian 7.0 through 2023 - Unrestricted File Upload
CVSS 7.5
CVE-2022-42287
MEDIUM
NVIDIA BMC < 00.19.07 - Authenticated Path Traversal and Arbitrary File Upload/Download via IPMI Handler
CVSS 6.0
CVE-2022-46610
HIGH
72crm wukong_crm v9 - Arbitrary File Upload via Avatar Upload Function
CVSS 8.8
CVE-2022-44036
HIGH
b2evolution 7.2.5 - Command Injection
CVSS 7.2
CVE-2022-43436
HIGH
easy_test - Authenticated Arbitrary File Upload via Insufficient File Type Filtering
CVSS 8.8
CVE-2022-48194
HIGH
TP-Link TL-WR902AC Firmware < 3.0.9.1 - Authenticated Remote Code Execution via Crafted Firmware Update
CVSS 8.8
CVE-2022-45427
HIGH
Dahua DSS Express and DSS Professional - Authenticated Arbitrary File Upload via Crafted Packet
CVSS 7.2
CVE-2022-4732
HIGH
microweber < 1.3.2 - Unrestricted Upload of File with Dangerous Type
CVSS 7.2
CVE-2022-45896
CRITICAL
Planet eStream < 6.72.10.07 - Unauthenticated Arbitrary File Upload RCE via Upload2.ashx/Ajax.asmx
CVSS 9.8
CVE-2022-4665
HIGH
GitHub ampache/ampache < 5.5.6 - Info Disclosure
CVSS 8.8
CVE-2022-46493
CRITICAL
nbnbk - Arbitrary File Upload via /api/User/download_img
CVSS 9.8
CVE-2022-45415
HIGH
Firefox < 107.0 - Unrestricted Download of File with Dangerous Type via Page Title
CVSS 7.8
CVE-2022-34483
HIGH
Firefox < 102.0 - Unrestricted Upload of Executable File via Drag-and-Drop Filename Manipulation
CVSS 8.8
CVE-2022-34482
HIGH
Firefox < 102.0 - Unauthenticated Executable File Upload via Drag-and-Drop Filename Manipulation
CVSS 8.8
CVE-2022-0517
HIGH
Mozilla VPN < 2.7.1 - Arbitrary Code Execution via OpenSSL Configuration File
CVSS 7.8
CVE-2022-46102
CRITICAL
AyaCMS 3.1.2 - Unrestricted Upload of File with Dangerous Type via fst_down.inc.php
CVSS 9.8
CVE-2022-45966
CRITICAL
Classcms 3.5 - Unrestricted Upload of File with Dangerous Type in File Management Module
CVSS 9.8
CVE-2022-46020
CRITICAL
WBCE CMS 1.5.4 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2022-46135
HIGH
AeroCMS v0.0.1 - Arbitrary File Upload via Posts Edit Endpoint
CVSS 7.2
CVE-2022-45338
HIGH
Exact Synergy Enterprise < 267SP13 and < 500SP6 - Arbitrary File Upload via Profile Picture SVG
CVSS 7.8
CVE-2022-4506
HIGH
OpenEMR < 7.0.0.2 - Unrestricted Upload of File with Dangerous Type
CVSS 8.8