CWE-434 - Unrestricted Upload of File with Dangerous Type

Description

This weakness occurs, when the attacker uploads or transfers files of dangerous types that can be automatically processed within the product's environment. Uploaded files represent a significant risk to applications.
The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system or database.
This weakness mostly occurs in applications written in ASP and PHP. Using of code received as a recepient's one attackers can easily control the system and cause arbitrary code execution.

The weakness is introduced during Architecture and Design, Implementation stages.

Latest vulnerabilities for CWE-434

Multiple vulnerabilities in Hitachi Energy RTU500 Series 2024-04-26
Low Yes

Arbitrary file upload in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus 2024-04-19
High Yes

Arbitrary file upload in Forminator plugin for WordPress 2024-04-18
High Yes

Multiple vulnerabilities in Ivanti Avalanche 2024-04-17
High Yes

Multiple vulnerabilities in Primavera Unifier 2024-04-16
Medium Yes

Arbitrary file upload in IBM Storage Defender Resiliency Service 2024-04-11
Low Yes

Multiple vulnerabilities in IBM Operational Decision Manager 2024-04-10
High Yes

Multiple vulnerabilities in phpMyFAQ 2024-03-26
Medium Yes

Arbitrary file upload in Online Discussion Forum Site 2024-03-25
Medium No

Arbitrary file write in Ivanti Neurons for ITSM 2024-03-20
Medium Yes

References

Description of CWE-434 on Mitre website