CWE-434 type flaws

2,800 results
CVE-2019-25647 [HIGH] PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager (EPSS 0.8%)
CVE-2024-1035 [HIGH] openBI Icon.php uploadIcon unrestricted upload (EPSS 0.8%)
CVE-2025-3054 [HIGH] WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Upload (EPSS 0.8%)
CVE-2023-29375 [CRITICAL] An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, a (EPSS 0.8%)
CVE-2022-0945 [CRITICAL] Stored XSS viva axd and cshtml file upload in star7th/showdoc in star7th/showdoc (EPSS 0.8%)
CVE-2023-53889 [HIGH] Perch CMS 3.2 Remote Code Execution via Unrestricted File Upload (EPSS 0.8%)
CVE-2023-53885 [HIGH] Webutler v3.2 Remote Code Execution via Arbitrary File Upload (EPSS 0.8%)
CVE-2023-53924 [HIGH] UliCMS 2023.1-sniffing-vicuna Remote Code Execution via Avatar Upload (EPSS 0.8%)
CVE-2023-3623 [MEDIUM] Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System Duty Module UploadHandler.ashx unrestricted upload (EPSS 0.8%)
CVE-2024-6054 [HIGH] Auto Featured Image <= 1.2 - Authenticated (Contributor+) Arbitrary File Upload (EPSS 0.8%)
CVE-2024-58281 [HIGH] Dotclear 2.29 Remote Code Execution via Authenticated File Upload (EPSS 0.8%)
CVE-2022-0472 [HIGH] Unrestricted Upload of File with Dangerous Type in jsdecena/laracom (EPSS 0.8%)
CVE-2024-13011 [CRITICAL] WP Foodbakery <= 4.7 - Unauthenticated Arbitrary File Upload (EPSS 0.8%)
CVE-2023-1303 [MEDIUM] UCMS System File Management Module fileedit.php unrestricted upload (EPSS 0.8%)
CVE-2022-41267 [CRITICAL] SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Busin (EPSS 0.8%)
CVE-2025-66802 [CRITICAL] Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote Code Execution). The application receives a reverse shell (p (EPSS 0.8%)
CVE-2024-31680 [HIGH] File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execu (EPSS 0.8%)
CVE-2023-1484 [MEDIUM] xzjie cms upload unrestricted upload (EPSS 0.8%)
CVE-2020-6975 Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this (EPSS 0.8%)
CVE-2024-25846 [CRITICAL] In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload f (EPSS 0.8%)