CWE-434
AllowedUnrestricted Upload of File with Dangerous Type
Abstraction: Base · Status: Draft
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
5969 vulnerabilities reference this CWE, most recent first.
CVE-2023-38388 (GCVE-0-2023-38388)
Vulnerability from cvelistv5 – Published: 2024-03-26 20:39 – Updated: 2026-04-28 16:08- CWE-434 - Unrestricted Upload of File with Dangerous Type
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/jup… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| Artbees | JupiterX Core |
Affected:
n/a , ≤ 3.3.5
(custom)
|
|
| artbees | jupiter_x_core |
Affected:
0 , ≤ 3.3.5
(custom)
cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:*:wordpress:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:12.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "jupiter_x_core",
"vendor": "artbees",
"versions": [
{
"lessThanOrEqual": "3.3.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T18:19:22.411839Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T18:30:00.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JupiterX Core",
"vendor": "Artbees",
"versions": [
{
"changes": [
{
"at": "3.3.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.3.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.\u003cp\u003eThis issue affects JupiterX Core: from n/a through 3.3.5.\u003c/p\u003e"
}
],
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:33.876Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.3.8 or a higher version."
}
],
"value": "Update to 3.3.8 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Jupiter X Core plugin \u003c= 3.3.5 - Unauth. Arbitrary File Upload vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-38388",
"datePublished": "2024-03-26T20:39:51.713Z",
"dateReserved": "2023-07-17T15:21:38.731Z",
"dateUpdated": "2026-04-28T16:08:33.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-38098 (GCVE-0-2023-38098)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-09-18 18:29- CWE-434 - Unrestricted Upload of File with Dangerous Type
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://kb.netgear.com/000065707/Security-Advisor… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| NETGEAR | ProSAFE Network Management System |
Affected:
1.7.0.12 (Win64)
|
|
| netgear | prosafe_network_management_system |
Affected:
0 , < 1.7.0.20
(custom)
cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "prosafe_network_management_system",
"vendor": "netgear",
"versions": [
{
"lessThan": "1.7.0.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T17:17:16.615514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T20:22:04.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-918",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-918/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.netgear.com/000065707/Security-Advisory-for-Multiple-Vulnerabilities-on-the-ProSAFE-Network-Management-System-PSV-2023-0024-PSV-2023-0025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ProSAFE Network Management System",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "1.7.0.12 (Win64)"
}
]
}
],
"dateAssigned": "2023-07-12T15:35:24.838Z",
"datePublic": "2023-07-13T19:52:47.927Z",
"descriptions": [
{
"lang": "en",
"value": "NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19720."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:29:32.388Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-918",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-918/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://kb.netgear.com/000065707/Security-Advisory-for-Multiple-Vulnerabilities-on-the-ProSAFE-Network-Management-System-PSV-2023-0024-PSV-2023-0025"
}
],
"source": {
"lang": "en",
"value": "Steven Seeley of Source Incite"
},
"title": "NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-38098",
"datePublished": "2024-05-03T01:59:00.556Z",
"dateReserved": "2023-07-12T15:22:20.618Z",
"dateUpdated": "2024-09-18T18:29:32.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38095 (GCVE-0-2023-38095)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:58 – Updated: 2024-09-18 18:29- CWE-434 - Unrestricted Upload of File with Dangerous Type
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://kb.netgear.com/000065707/Security-Advisor… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| NETGEAR | ProSAFE Network Management System |
Affected:
1.7.0.12 (Win64)
|
|
| netgear | prosafe_network_management_system |
Affected:
0 , < 1.7.0.20
(custom)
cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "prosafe_network_management_system",
"vendor": "netgear",
"versions": [
{
"lessThan": "1.7.0.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T17:20:07.569103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T20:20:55.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:13.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-921",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-921/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.netgear.com/000065707/Security-Advisory-for-Multiple-Vulnerabilities-on-the-ProSAFE-Network-Management-System-PSV-2023-0024-PSV-2023-0025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ProSAFE Network Management System",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "1.7.0.12 (Win64)"
}
]
}
],
"dateAssigned": "2023-07-12T15:35:24.815Z",
"datePublic": "2023-07-13T19:53:03.927Z",
"descriptions": [
{
"lang": "en",
"value": "NETGEAR ProSAFE Network Management System MFileUploadController Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19717."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:29:30.829Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-921",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-921/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://kb.netgear.com/000065707/Security-Advisory-for-Multiple-Vulnerabilities-on-the-ProSAFE-Network-Management-System-PSV-2023-0024-PSV-2023-0025"
}
],
"source": {
"lang": "en",
"value": "Steven Seeley of Source Incite"
},
"title": "NETGEAR ProSAFE Network Management System MFileUploadController Unrestricted File Upload Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-38095",
"datePublished": "2024-05-03T01:58:58.287Z",
"dateReserved": "2023-07-12T15:22:20.617Z",
"dateUpdated": "2024-09-18T18:29:30.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38029 (GCVE-0-2023-38029)
Vulnerability from cvelistv5 – Published: 2023-08-28 05:59 – Updated: 2024-10-03 16:16- CWE-434 - Unrestricted Upload of File with Dangerous Type
| Vendor | Product | Version | |
|---|---|---|---|
| Saho | ADM100 |
Affected:
0.0.4.0
Affected: 0.0.4.3 Affected: 0.0.4.6 Affected: 0.0.4.8 Affected: Q20100602 Affected: T17041702 Affected: T18051803 Affected: T190 |
|
| Saho | ADM-100FP |
Affected:
Q20100602
Affected: T17041702 Affected: T18051803 Affected: T190 |
|
| saho | adm-100_firmware |
Affected:
0.0.4.0
Affected: 0.0.4.3 Affected: 0.0.4.6 Affected: 0.0.4.8 Affected: q20100602 Affected: t17041702 Affected: t18051803 Affected: t190 cpe:2.3:o:saho:adm-100_firmware:0.0.4.0:*:*:*:*:*:*:* cpe:2.3:o:saho:adm-100_firmware:0.0.4.3:*:*:*:*:*:*:* cpe:2.3:o:saho:adm-100_firmware:0.0.4.6:*:*:*:*:*:*:* cpe:2.3:o:saho:adm-100_firmware:0.0.4.8:*:*:*:*:*:*:* cpe:2.3:o:saho:adm-100_firmware:q20100602:*:*:*:*:*:*:* cpe:2.3:o:saho:adm-100_firmware:t17041702:*:*:*:*:*:*:* cpe:2.3:o:saho:adm-100_firmware:t18051803:*:*:*:*:*:*:* cpe:2.3:o:saho:adm-100_firmware:t190:*:*:*:*:*:*:* |
|
| saho | adm-100fp_firmware |
Affected:
q20100602
Affected: t17041702 Affected: t18051803 Affected: t190 cpe:2.3:o:saho:adm-100fp_firmware:q20100602:*:*:*:*:*:*:* cpe:2.3:o:saho:adm-100fp_firmware:t17041702:*:*:*:*:*:*:* cpe:2.3:o:saho:adm-100fp_firmware:t18051803:*:*:*:*:*:*:* cpe:2.3:o:saho:adm-100fp_firmware:t190:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7336-35a94-1.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:saho:adm-100_firmware:0.0.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:saho:adm-100_firmware:0.0.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:saho:adm-100_firmware:0.0.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:saho:adm-100_firmware:0.0.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:saho:adm-100_firmware:q20100602:*:*:*:*:*:*:*",
"cpe:2.3:o:saho:adm-100_firmware:t17041702:*:*:*:*:*:*:*",
"cpe:2.3:o:saho:adm-100_firmware:t18051803:*:*:*:*:*:*:*",
"cpe:2.3:o:saho:adm-100_firmware:t190:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adm-100_firmware",
"vendor": "saho",
"versions": [
{
"status": "affected",
"version": "0.0.4.0"
},
{
"status": "affected",
"version": "0.0.4.3"
},
{
"status": "affected",
"version": "0.0.4.6"
},
{
"status": "affected",
"version": "0.0.4.8"
},
{
"status": "affected",
"version": "q20100602"
},
{
"status": "affected",
"version": "t17041702"
},
{
"status": "affected",
"version": "t18051803"
},
{
"status": "affected",
"version": "t190"
}
]
},
{
"cpes": [
"cpe:2.3:o:saho:adm-100fp_firmware:q20100602:*:*:*:*:*:*:*",
"cpe:2.3:o:saho:adm-100fp_firmware:t17041702:*:*:*:*:*:*:*",
"cpe:2.3:o:saho:adm-100fp_firmware:t18051803:*:*:*:*:*:*:*",
"cpe:2.3:o:saho:adm-100fp_firmware:t190:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adm-100fp_firmware",
"vendor": "saho",
"versions": [
{
"status": "affected",
"version": "q20100602"
},
{
"status": "affected",
"version": "t17041702"
},
{
"status": "affected",
"version": "t18051803"
},
{
"status": "affected",
"version": "t190"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T16:15:41.221507Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T16:16:59.825Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADM100",
"vendor": "Saho",
"versions": [
{
"status": "affected",
"version": "0.0.4.0"
},
{
"status": "affected",
"version": "0.0.4.3"
},
{
"status": "affected",
"version": "0.0.4.6"
},
{
"status": "affected",
"version": "0.0.4.8"
},
{
"status": "affected",
"version": "Q20100602"
},
{
"status": "affected",
"version": "T17041702"
},
{
"status": "affected",
"version": "T18051803"
},
{
"status": "affected",
"version": "T190"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ADM-100FP",
"vendor": "Saho",
"versions": [
{
"status": "affected",
"version": "Q20100602"
},
{
"status": "affected",
"version": "T17041702"
},
{
"status": "affected",
"version": "T18051803"
},
{
"status": "affected",
"version": "T190"
}
]
}
],
"datePublic": "2023-08-31T01:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSaho\u2019s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service.\u003c/span\u003e\n\n"
}
],
"value": "\nSaho\u2019s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-28T05:59:47.039Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7336-35a94-1.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nContact support from Saho.\u003cbr\u003e"
}
],
"value": "\n\n\nContact support from Saho.\n"
}
],
"source": {
"advisory": "TVN-202308009",
"discovery": "EXTERNAL"
},
"title": "Saho ADM100\u0026ADM-100FP - Arbitrary File Upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2023-38029",
"datePublished": "2023-08-28T05:59:47.039Z",
"dateReserved": "2023-07-12T00:37:03.717Z",
"dateUpdated": "2024-10-03T16:16:59.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37289 (GCVE-0-2023-37289)
Vulnerability from cvelistv5 – Published: 2023-07-20 02:45 – Updated: 2024-10-24 18:46- CWE-434 - Unrestricted Upload of File with Dangerous Type
| Vendor | Product | Version | |
|---|---|---|---|
| InfoDoc | Document On-line Submission and Approval System |
Affected:
22547
Affected: 22567 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:34.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7225-cef32-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37289",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T18:46:49.076751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:46:57.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Document On-line Submission and Approval System",
"vendor": "InfoDoc",
"versions": [
{
"status": "affected",
"version": "22547"
},
{
"status": "affected",
"version": "22567"
}
]
}
],
"datePublic": "2023-07-20T02:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker can exploit this vulnerability without logging system to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Document On-line Submission and Approval System: 22547, 22567.\u003c/span\u003e"
}
],
"value": "It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker can exploit this vulnerability without logging system to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.\u00a0This issue affects Document On-line Submission and Approval System: 22547, 22567."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-21T03:03:19.655Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7225-cef32-1.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Contact support from InfoDoc"
}
],
"value": "Contact support from InfoDoc"
}
],
"source": {
"advisory": "TVN-202307007",
"discovery": "EXTERNAL"
},
"title": "InfoDoc Document On-line Submission and Approval System - Arbitrary File Upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2023-37289",
"datePublished": "2023-07-20T02:45:25.479Z",
"dateReserved": "2023-06-30T02:08:23.931Z",
"dateUpdated": "2024-10-24T18:46:57.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36809 (GCVE-0-2023-36809)
Vulnerability from cvelistv5 – Published: 2023-07-05 21:02 – Updated: 2024-10-24 18:16| URL | Tags |
|---|---|
| https://github.com/kiwitcms/Kiwi/security/advisor… | x_refsource_CONFIRM |
| https://huntr.dev/bounties/511489dd-ba38-4806-902… | x_refsource_MISC |
| https://huntr.dev/bounties/c6eeb346-fa99-4d41-bc4… | x_refsource_MISC |
| https://kiwitcms.org/blog/kiwi-tcms-team/2023/07/… | x_refsource_MISC |
| https://www.github.com/kiwitcms/kiwi/commit/195ea… | x_refsource_MISC |
| https://www.github.com/kiwitcms/kiwi/commit/ffb00… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-jpgw-2r9m-8qfw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-jpgw-2r9m-8qfw"
},
{
"name": "https://huntr.dev/bounties/511489dd-ba38-4806-9029-b28ab2830aa8/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://huntr.dev/bounties/511489dd-ba38-4806-9029-b28ab2830aa8/"
},
{
"name": "https://huntr.dev/bounties/c6eeb346-fa99-4d41-bc40-b68f8d689223/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://huntr.dev/bounties/c6eeb346-fa99-4d41-bc40-b68f8d689223/"
},
{
"name": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/07/04/kiwi-tcms-125/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/07/04/kiwi-tcms-125/"
},
{
"name": "https://www.github.com/kiwitcms/kiwi/commit/195ea53eaaf360c19227c864cc0fe58910032c3c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.github.com/kiwitcms/kiwi/commit/195ea53eaaf360c19227c864cc0fe58910032c3c"
},
{
"name": "https://www.github.com/kiwitcms/kiwi/commit/ffb00450be52fe11a82a2507632c2328cae4ec9d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.github.com/kiwitcms/kiwi/commit/ffb00450be52fe11a82a2507632c2328cae4ec9d"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kiwitcms:kiwi_tcms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kiwi_tcms",
"vendor": "kiwitcms",
"versions": [
{
"lessThan": "12.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36809",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T17:59:24.169848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:16:23.913Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kiwi",
"vendor": "kiwitcms",
"versions": [
{
"status": "affected",
"version": "\u003c 12.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed directly. The previous Nginx configuration was incorrect allowing certain browsers like Firefox to ignore the `Content-Type: text/plain` header on some occasions thus allowing potentially dangerous scripts to be executed. Additionally, file upload validators and parts of the HTML rendering code had been found to require additional sanitation and improvements. Version 12.5 fixes this vulnerability with updated Nginx content type configuration, improved file upload validation code to prevent more potentially dangerous uploads, and Sanitization of test plan names used in the `tree_view_html()` function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T21:02:37.602Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-jpgw-2r9m-8qfw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-jpgw-2r9m-8qfw"
},
{
"name": "https://huntr.dev/bounties/511489dd-ba38-4806-9029-b28ab2830aa8/",
"tags": [
"x_refsource_MISC"
],
"url": "https://huntr.dev/bounties/511489dd-ba38-4806-9029-b28ab2830aa8/"
},
{
"name": "https://huntr.dev/bounties/c6eeb346-fa99-4d41-bc40-b68f8d689223/",
"tags": [
"x_refsource_MISC"
],
"url": "https://huntr.dev/bounties/c6eeb346-fa99-4d41-bc40-b68f8d689223/"
},
{
"name": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/07/04/kiwi-tcms-125/",
"tags": [
"x_refsource_MISC"
],
"url": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/07/04/kiwi-tcms-125/"
},
{
"name": "https://www.github.com/kiwitcms/kiwi/commit/195ea53eaaf360c19227c864cc0fe58910032c3c",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.github.com/kiwitcms/kiwi/commit/195ea53eaaf360c19227c864cc0fe58910032c3c"
},
{
"name": "https://www.github.com/kiwitcms/kiwi/commit/ffb00450be52fe11a82a2507632c2328cae4ec9d",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.github.com/kiwitcms/kiwi/commit/ffb00450be52fe11a82a2507632c2328cae4ec9d"
}
],
"source": {
"advisory": "GHSA-jpgw-2r9m-8qfw",
"discovery": "UNKNOWN"
},
"title": "Kiwi TCMS\u0027s misconfigured HTTP headers allow stored XSS execution with Firefox"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-36809",
"datePublished": "2023-07-05T21:02:37.602Z",
"dateReserved": "2023-06-27T15:43:18.383Z",
"dateUpdated": "2024-10-24T18:16:23.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35189 (GCVE-0-2023-35189)
Vulnerability from cvelistv5 – Published: 2023-07-18 17:12 – Updated: 2024-10-28 15:30- CWE-434 - Unrestricted Upload of File with Dangerous Type
| Vendor | Product | Version | |
|---|---|---|---|
| iagona | ScrutisWeb |
Affected:
0 , ≤ 2.1.37
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:23:59.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35189",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T15:29:50.793073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T15:30:01.043Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ScrutisWeb",
"vendor": "iagona",
"versions": [
{
"lessThanOrEqual": "2.1.37",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Neil Graves, Jorian van den Hout, and Malcolm Stagg reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nIagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote \ncode execution vulnerability that could allow an unauthenticated user to\n upload a malicious payload and execute it.\n\n\u003c/p\u003e"
}
],
"value": "Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote \ncode execution vulnerability that could allow an unauthenticated user to\n upload a malicious payload and execute it.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-18T17:14:57.706Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nIagona has developed and released Iagona ScrutisWeb v2.1.38.\n\n\u003cbr\u003e"
}
],
"value": "Iagona has developed and released Iagona ScrutisWeb v2.1.38.\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Iagona ScrutisWeb Unrestricted Upload of File with Dangerous Type",
"x_generator": {
"engine": "VINCE 2.1.2",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-35189"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-35189",
"datePublished": "2023-07-18T17:12:24.681Z",
"dateReserved": "2023-07-13T17:28:15.859Z",
"dateUpdated": "2024-10-28T15:30:01.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35018 (GCVE-0-2023-35018)
Vulnerability from cvelistv5 – Published: 2023-10-15 23:46 – Updated: 2024-09-16 19:15- CWE-434 - Unrestricted Upload of File with Dangerous Type
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7050358 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Security Verify Governance |
Affected:
10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:17:04.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7050358"
},
{
"tags": [
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/259382"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T19:15:09.001350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T19:15:18.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Security Verify Governance",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382."
}
],
"value": "IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-15T23:48:50.779Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7050358"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/259382"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Governance file upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-35018",
"datePublished": "2023-10-15T23:46:49.009Z",
"dateReserved": "2023-06-11T20:38:21.241Z",
"dateUpdated": "2024-09-16T19:15:18.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34385 (GCVE-0-2023-34385)
Vulnerability from cvelistv5 – Published: 2023-12-20 18:44 – Updated: 2026-04-28 16:08- CWE-434 - Unrestricted Upload of File with Dangerous Type
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/exp… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| Akshay Menariya | Export Import Menus |
Affected:
n/a , ≤ 1.8.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/export-import-menus/wordpress-export-import-menus-plugin-1-8-0-arbitrary-file-upload-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "export-import-menus",
"product": "Export Import Menus",
"vendor": "Akshay Menariya",
"versions": [
{
"changes": [
{
"at": "1.9.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.8.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Emili Castells (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus.\u003cp\u003eThis issue affects Export Import Menus: from n/a through 1.8.0.\u003c/p\u003e"
}
],
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus.This issue affects Export Import Menus: from n/a through 1.8.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:29.058Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/export-import-menus/wordpress-export-import-menus-plugin-1-8-0-arbitrary-file-upload-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u00a01.9.0 or a higher version."
}
],
"value": "Update to\u00a01.9.0 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Export Import Menus Plugin \u003c= 1.8.0 is vulnerable to Arbitrary File Upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-34385",
"datePublished": "2023-12-20T18:44:48.701Z",
"dateReserved": "2023-06-02T15:48:00.545Z",
"dateUpdated": "2026-04-28T16:08:29.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-34207 (GCVE-0-2023-34207)
Vulnerability from cvelistv5 – Published: 2023-10-17 03:35 – Updated: 2024-09-13 19:52- CWE-434 - Unrestricted Upload of File with Dangerous Type
| URL | Tags |
|---|---|
| https://zuso.ai/Advisory/ZA-2023-04 | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| EasyUse Digital Technology | MailHunter Ultimate |
Affected:
0 , ≤ 2023
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://zuso.ai/Advisory/ZA-2023-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34207",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T19:52:06.578416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T19:52:42.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MailHunter Ultimate",
"vendor": "EasyUse Digital Technology",
"versions": [
{
"lessThanOrEqual": "2023",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-10-17T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system commands with \u2018NT Authority\\SYSTEM\u2018 privilege via a crafted ZIP archive."
}
],
"value": "Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system commands with \u2018NT Authority\\SYSTEM\u2018 privilege via a crafted ZIP archive."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T03:35:35.535Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://zuso.ai/Advisory/ZA-2023-04"
}
],
"source": {
"defect": [
"ZA-2023-04"
],
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in EasyUse MailHunter Ultimate",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2023-34207",
"datePublished": "2023-10-17T03:35:35.535Z",
"dateReserved": "2023-05-30T09:41:32.477Z",
"dateUpdated": "2024-09-13T19:52:42.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Generate a new, unique filename for an uploaded file instead of using the user-supplied filename, so that no external input is used at all.[REF-422] [REF-423]
Mitigation MIT-21
Strategy: Enforcement by Conversion
When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
Mitigation
Consider storing the uploaded files outside of the web document root entirely. Then, use other mechanisms to deliver the files dynamically. [REF-423]
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- For example, limiting filenames to alphanumeric characters can help to restrict the introduction of unintended file extensions.
Mitigation
Define a very limited set of allowable extensions and only generate filenames that end in these extensions. Consider the possibility of XSS (CWE-79) before allowing .html or .htm file types.
Mitigation
Strategy: Input Validation
Ensure that only one extension is used in the filename. Some web servers, including some versions of Apache, may process files based on inner extensions so that "filename.php.gif" is fed to the PHP interpreter.[REF-422] [REF-423]
Mitigation
When running on a web server that supports case-insensitive filenames, perform case-insensitive evaluations of the extensions that are provided.
Mitigation MIT-15
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Mitigation
Do not rely exclusively on sanity checks of file contents to ensure that the file is of the expected type and size. It may be possible for an attacker to hide code in some file segments that will still be executed by the server. For example, GIF images may contain a free-form comments field.
Mitigation
Do not rely exclusively on the MIME content type or filename attribute when determining how to render a file. Validating the MIME content type and ensuring that it matches the extension is only a partial solution.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Mitigation MIT-22
Strategy: Sandbox or Jail
- Run the code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.
- OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.
- This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.
- Be careful to avoid CWE-243 and other weaknesses related to jails.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.