Przykłady dla CWE-434: Unrestricted Upload of File with Dangerous Type

	Tytuł	Data	Autor
High	Lektor 3.3.10 Arbitrary File upload	20.03.2024	kai6u
Med.	Designed By Sevy INC. - SQL Injection Vulnerability, Unrestricted File Upload Vulnerability and Default Admin Credentials	06.07.2022	MR.$UD0
High	WordPress Catch Themes Demo Import 1.6.1 Shell Upload	11.12.2021	Ron Jost
High	WordPress SP Project And Document Manager 4.21 Shell Upload	08.07.2021	Ron Jost
High	WordPress Modern Events Calendar 5.16.2 Shell Upload	02.07.2021	Ron Jost
High	OpenEMR 5.0.1.3 Shell Upload	14.06.2021	Ron Jost
High	VisualWare MyConnection Server 11.x Remote Code Execution	28.02.2021	Ryan Wincey
High	Moodle 3.8 Arbitary File Upload	30.11.2020	Sirwan Veisi
High	XUpload Remote File Upload Vulnerability	04.11.2020	h4shur
High	Typesetter CMS 5.1 Remote Code Execution	07.10.2020	Rodolfo Tavares
High	ckeditor-elfinder Remote File Upload Vulnerability	21.09.2020	h4shur
High	Golo - Business Listing, City Travel Guide Laravel Theme v1.1.5 - Arbitrary File Upload	13.07.2020	Vlad Vector
High	filemanager File Upload vulnerability	03.05.2020	h4shur
High	LifeRay CMS (Fckeditor) Arbitrary File Upload Vulnerability	10.04.2020	h4shur
High	NewsOne CMS – News, Magazine & Blog Script v1.1.0 Arbitrary File Upload	19.01.2020	m0ze
Med.	EwebTonic Services Pvt Ltd Software Authentication Bypass Backdoor Access Vulnerability	17.09.2019	KingSkrupellos
Med.	Giribala Creative Ventures Fluent Technology Software Authentication Bypass Backdoor Access Vulnerability	15.09.2019	KingSkrupellos
High	BKS EBK Ethernet-Buskoppler Pro Shell Upload	05.07.2019	Sebastian Auwaerter
High	Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution	28.04.2019	Cisco Talos
Med.	WordPress Ultimate-Member Plugins 2.0.38 CSRF Backdoor Access	04.02.2019	KingSkrupellos
Med.	WordPress MM-Forms-Community Plugins 2.2.7 Backdoor Access and SQL Injection Vulnerability	27.01.2019	KingSkrupellos
Med.	WordPress pitajte-strucnjaka Plugins 4.9.6 Backdoor Access Vulnerability	27.01.2019	KingSkrupellos
Med.	WordPress category-page-icons Plugins 3.6.1 CSRF Backdoor Access Vulnerability	18.01.2019	KingSkrupellos
High	Joomla Codextrous Com_B2jcontact Components 2.1.17 Shell Upload Vulnerability	09.01.2019	KingSkrupellos
Med.	Design & Developed by SoftBd Ltd. Bangladesh Education Portals Multiple Vulnerabilities	04.09.2018	KingSkrupellos
Med.	ShopNx - Angular5 Single Page Shopping Cart Application 1 - Arbitrary File Upload	18.06.2018	L0RD
Med.	Gardenoma Remote File Upload Vulnerability	11.06.2018	Mr.T959
Med.	WordPress Theme Sydney by aThemes 2018 GravityForms Input Remote File Upload Vulnerability	08.06.2018	KingSkrupellos
Med.	LifeRay (Fckeditor) Arbitrary File Upload Vulnerability	06.05.2018	Mostafa Gharzi
High	phpCollab 2.5.1 Arbitrary File Upload	03.10.2017	Sysdream
High	PhpCollab 2.5.1 Shell Upload	30.09.2017	SYSDREAM
High	Nuxeo Platform 6.x / 7.x Shell Upload	24.03.2017	SYSDREAM Labs
High	Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root	18.02.2017	Matt Bergin (@thatguyl...
Med.	Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write	18.02.2017	Matt Bergin
High	Cisco Firepower Threat Management Command Execution	06.10.2016	Matt Bergin
High	WordPress Daily Edition 1.6.2 File Upload	10.03.2015	Wang Jing
High	Intrexx Professional 6.0 / 5.2 Remote Code Execution	16.12.2014	Christian Schneider
High	HelpDEZk 1.0.1 Unrestricted File Upload	06.11.2014	High-Tech Bridge Secur...
High	WordPress E-Commerce 3.8.9.5 File Upload / XSS / CSRF / Code Execution	24.01.2014	KedAns-Dz
High	DMXReady Registration Manager Arbitrary File Upload Vulnerability	30.06.2009	Securitylab

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2024-04-24

CVE-2024-32836	Updating...	Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.11.
CVE-2024-32954	Updating...	Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5.
CVE-2023-31090	Updating...	Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to a Web Server.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.60.

2024-04-18

CVE-2024-3948

Updating...

A vulnerability was found in SourceCodester Home Clean Service System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file \admin\student.add.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261440.

2024-04-17

CVE-2024-32514

Updating...

Unrestricted Upload of File with Dangerous Type vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker.This issue affects WP Poll Maker: from n/a through 3.4.

2024-04-15

CVE-2024-3778	Updating...	The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code.
CVE-2024-3804	Updating...	A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408. This issue affects some unknown processing of the file /Public/webuploader/0.1.5/server/fileupload2.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-3803	Updating...	A vulnerability classified as critical was found in Vesystem Cloud Desktop up to 20240408. This vulnerability affects unknown code of the file /Public/webuploader/0.1.5/server/fileupload.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

2024-04-13

CVE-2024-3736

Updating...

A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260575.

2024-04-12

CVE-2024-3705

Updating...

Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/M_Icons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell injection.

20.03.2024

06.07.2022

11.12.2021

08.07.2021

02.07.2021

14.06.2021

28.02.2021

30.11.2020

04.11.2020

07.10.2020

21.09.2020

13.07.2020

03.05.2020

10.04.2020

19.01.2020

17.09.2019

15.09.2019

05.07.2019

28.04.2019

04.02.2019

27.01.2019

27.01.2019

18.01.2019

09.01.2019

04.09.2018

18.06.2018

11.06.2018

08.06.2018

06.05.2018

03.10.2017

30.09.2017

24.03.2017

18.02.2017

18.02.2017

06.10.2016

10.03.2015

16.12.2014

06.11.2014

24.01.2014

30.06.2009