CWE-434 vulnerabilities
2800 results

CVE-2023-27397 | CRITICAL | Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function | EPSS 0.9%
CVE-2023-4186 | MEDIUM | SourceCodester Pharmacy Management System manage_website.php unrestricted upload | EPSS 0.9%
CVE-2024-2381 | HIGH | AliExpress Dropshipping with AliNext Lite <= 3.3.5 - Authenticated (Subscriber+) Arbitrary File Upload | EPSS 0.9%
CVE-2024-1036 | HIGH | openBI Icon Screen.php uploadIcon unrestricted upload | EPSS 0.9%
CVE-2024-3436 | MEDIUM | SourceCodester Prison Management System Avatar edit-photo.php unrestricted upload | EPSS 0.9%
CVE-2023-1559 | MEDIUM | SourceCodester Storage Unit Rental Management System unrestricted upload | EPSS 0.9%
CVE-2022-1033 | HIGH | Unrestricted Upload of File with Dangerous Type in crater-invoice/crater | EPSS 0.9%
CVE-2022-40932 | HIGH | In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gal | EPSS 0.9%
CVE-2024-2849 | MEDIUM | SourceCodester Simple File Manager unrestricted upload | EPSS 0.9%
CVE-2023-6887 | MEDIUM | saysky ForestBlog Image Upload img unrestricted upload | EPSS 0.9%
CVE-2023-35189 | CRITICAL | Iagona ScrutisWeb Unrestricted Upload of File with Dangerous Type | EPSS 0.9%
CVE-2024-6311 | HIGH | Funnelforms Free <= 3.7.3.2 - Authenticated (Administrator+) Arbitrary File Upload | EPSS 0.9%
CVE-2012-10042 | HIGH | Sflog! CMS 1.0 Arbitrary File Upload RCE | EPSS 0.9%
CVE-2023-34007 | CRITICAL | WordPress Download Monitor Plugin <= 4.8.3 is vulnerable to Arbitrary File Upload | EPSS 0.9%
CVE-2024-6314 | CRITICAL | IQ Testimonials <= 2.2.7 - Unauthenticated Arbitrary File Upload | EPSS 0.9%
CVE-2025-34195 | HIGH | Vasion Print (formerly PrinterLogic) Unquoted Path During Driver Installation Leads to Execution of C:\Program.exe | EPSS 0.9%
CVE-2024-4560 | CRITICAL | Kognetiks Chatbot for WordPress <= 1.9.9 - Unauthenticated Arbitrary File Upload via chatbot_chatgpt_upload_file_to_assistant Function | EPSS 0.9%
CVE-2023-45603 | CRITICAL | WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload | EPSS 0.9%
CVE-2023-27033 | CRITICAL | Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFr | EPSS 0.9%
CVE-2024-52429 | CRITICAL | WordPress WP Quick Setup plugin <= 2.0 - Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability | EPSS 0.9%