Przykłady dla CWE-434: Unrestricted Upload of File with Dangerous Type

	Tytuł	Data	Autor
High	Lektor 3.3.10 Arbitrary File upload	20.03.2024	kai6u
Med.	Designed By Sevy INC. - SQL Injection Vulnerability, Unrestricted File Upload Vulnerability and Default Admin Credentials	06.07.2022	MR.$UD0
High	WordPress Catch Themes Demo Import 1.6.1 Shell Upload	11.12.2021	Ron Jost
High	WordPress SP Project And Document Manager 4.21 Shell Upload	08.07.2021	Ron Jost
High	WordPress Modern Events Calendar 5.16.2 Shell Upload	02.07.2021	Ron Jost
High	OpenEMR 5.0.1.3 Shell Upload	14.06.2021	Ron Jost
High	VisualWare MyConnection Server 11.x Remote Code Execution	28.02.2021	Ryan Wincey
High	Moodle 3.8 Arbitary File Upload	30.11.2020	Sirwan Veisi
High	XUpload Remote File Upload Vulnerability	04.11.2020	h4shur
High	Typesetter CMS 5.1 Remote Code Execution	07.10.2020	Rodolfo Tavares
High	ckeditor-elfinder Remote File Upload Vulnerability	21.09.2020	h4shur
High	Golo - Business Listing, City Travel Guide Laravel Theme v1.1.5 - Arbitrary File Upload	13.07.2020	Vlad Vector
High	filemanager File Upload vulnerability	03.05.2020	h4shur
High	LifeRay CMS (Fckeditor) Arbitrary File Upload Vulnerability	10.04.2020	h4shur
High	NewsOne CMS – News, Magazine & Blog Script v1.1.0 Arbitrary File Upload	19.01.2020	m0ze
Med.	EwebTonic Services Pvt Ltd Software Authentication Bypass Backdoor Access Vulnerability	17.09.2019	KingSkrupellos
Med.	Giribala Creative Ventures Fluent Technology Software Authentication Bypass Backdoor Access Vulnerability	15.09.2019	KingSkrupellos
High	BKS EBK Ethernet-Buskoppler Pro Shell Upload	05.07.2019	Sebastian Auwaerter
High	Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution	28.04.2019	Cisco Talos
Med.	WordPress Ultimate-Member Plugins 2.0.38 CSRF Backdoor Access	04.02.2019	KingSkrupellos
Med.	WordPress MM-Forms-Community Plugins 2.2.7 Backdoor Access and SQL Injection Vulnerability	27.01.2019	KingSkrupellos
Med.	WordPress pitajte-strucnjaka Plugins 4.9.6 Backdoor Access Vulnerability	27.01.2019	KingSkrupellos
Med.	WordPress category-page-icons Plugins 3.6.1 CSRF Backdoor Access Vulnerability	18.01.2019	KingSkrupellos
High	Joomla Codextrous Com_B2jcontact Components 2.1.17 Shell Upload Vulnerability	09.01.2019	KingSkrupellos
Med.	Design & Developed by SoftBd Ltd. Bangladesh Education Portals Multiple Vulnerabilities	04.09.2018	KingSkrupellos
Med.	ShopNx - Angular5 Single Page Shopping Cart Application 1 - Arbitrary File Upload	18.06.2018	L0RD
Med.	Gardenoma Remote File Upload Vulnerability	11.06.2018	Mr.T959
Med.	WordPress Theme Sydney by aThemes 2018 GravityForms Input Remote File Upload Vulnerability	08.06.2018	KingSkrupellos
Med.	LifeRay (Fckeditor) Arbitrary File Upload Vulnerability	06.05.2018	Mostafa Gharzi
High	phpCollab 2.5.1 Arbitrary File Upload	03.10.2017	Sysdream
High	PhpCollab 2.5.1 Shell Upload	30.09.2017	SYSDREAM
High	Nuxeo Platform 6.x / 7.x Shell Upload	24.03.2017	SYSDREAM Labs
High	Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root	18.02.2017	Matt Bergin (@thatguyl...
Med.	Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write	18.02.2017	Matt Bergin
High	Cisco Firepower Threat Management Command Execution	06.10.2016	Matt Bergin
High	WordPress Daily Edition 1.6.2 File Upload	10.03.2015	Wang Jing
High	Intrexx Professional 6.0 / 5.2 Remote Code Execution	16.12.2014	Christian Schneider
High	HelpDEZk 1.0.1 Unrestricted File Upload	06.11.2014	High-Tech Bridge Secur...
High	WordPress E-Commerce 3.8.9.5 File Upload / XSS / CSRF / Code Execution	24.01.2014	KedAns-Dz
High	DMXReady Registration Manager Arbitrary File Upload Vulnerability	30.06.2009	Securitylab

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2024-10-21

CVE-2024-10201

Updating...

Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells.

2024-10-20

CVE-2024-10161	Updating...	A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-49610	Updating...	Unrestricted Upload of File with Dangerous Type vulnerability in Jack Zhu allows Upload a Web Shell to a Web Server.This issue affects photokit: from n/a through 1.0.
CVE-2024-49607	Updating...	Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through 1.0.
CVE-2024-49331	Updating...	Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System allows Upload a Web Shell to a Web Server.This issue affects Property Lot Management System: from n/a through 4.2.38.
CVE-2024-49330	Updating...	Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice Backgrounds: from n/a through 1.0.
CVE-2024-49329	Updating...	Unrestricted Upload of File with Dangerous Type vulnerability in Vivek Tamrakar WP REST API FNS allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through 1.0.0.
CVE-2024-49327	Updating...	Unrestricted Upload of File with Dangerous Type vulnerability in Asep Bagja Priandana Woostagram Connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through 1.0.2.
CVE-2024-49326	Updating...	Unrestricted Upload of File with Dangerous Type vulnerability in Vasilis Kerasiotis Affiliator allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through 2.1.3.
CVE-2024-49324	Updating...	Unrestricted Upload of File with Dangerous Type vulnerability in Sovratec Sovratec Case Management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through 1.0.0.

20.03.2024

06.07.2022

11.12.2021

08.07.2021

02.07.2021

14.06.2021

28.02.2021

30.11.2020

04.11.2020

07.10.2020

21.09.2020

13.07.2020

03.05.2020

10.04.2020

19.01.2020

17.09.2019

15.09.2019

05.07.2019

28.04.2019

04.02.2019

27.01.2019

27.01.2019

18.01.2019

09.01.2019

04.09.2018

18.06.2018

11.06.2018

08.06.2018

06.05.2018

03.10.2017

30.09.2017

24.03.2017

18.02.2017

18.02.2017

06.10.2016

10.03.2015

16.12.2014

06.11.2014

24.01.2014

30.06.2009