VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

BaseDraftLikelihood: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

page 10 of 84
  • CVE-2024-49327CriOct 20, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in bepitulaz Woostagram Connect woostagram-connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through <= 1.0.2.

  • CVE-2024-49326CriOct 20, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Vasileios Kerasiotis Affiliator affiliator-lite allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through <= 2.1.3.

  • CVE-2024-49324CriOct 20, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in sovratecdev Sovratec Case Management sovratec-case-management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through <= 1.0.0.

  • CVE-2024-49611CriOct 20, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in paxmanpwnz Product Website Showcase product-websites-showcase allows Upload a Web Shell to a Web Server.This issue affects Product Website Showcase: from n/a through <= 1.0.

  • CVE-2024-49314CriOct 17, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program jiangqie-free-mini-program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through <= 2.5.2.

  • CVE-2024-49291CriOct 17, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0.

  • CVE-2024-49242CriOct 16, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery digital-lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through <= 3.0.5.

  • CVE-2024-49216CriOct 16, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in jclay06 Feed Comments Number feed-comments-number allows Upload a Web Shell to a Web Server.This issue affects Feed Comments Number: from n/a through <= 0.2.1.

  • CVE-2024-49257CriOct 16, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting azz-anonim-posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through <= 0.9.

  • CVE-2024-6314CriJul 9, 2024
    risk 0.65cvss 9.8epss 0.01

    The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process_image_upload' function in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to upload arbitrary…

  • CVE-2024-6127CriJun 27, 2024
    risk 0.65cvss 9.8epss 0.10

    BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering…

  • CVE-2024-37228CriJun 24, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.38.

  • CVE-2024-34990CriJun 19, 2024
    risk 0.65cvss 10.0epss 0.01

    In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods `HelpdeskHelpdeskModuleFrontController::submitTicket()` and `HelpdeskHelpdeskModuleFrontController::replyTicket…

  • CVE-2024-32809CriMay 17, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through 0.2.41.

  • CVE-2024-4560CriMay 14, 2024
    risk 0.65cvss 9.8epss 0.01

    The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated…

  • CVE-2024-31377CriMay 14, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.7.01.001.

  • CVE-2024-0916CriApr 25, 2024
    risk 0.65cvss 10.0epss 0.01

    Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3.

  • CVE-2024-31115CriMar 31, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 7.2.

  • CVE-2024-30510CriMar 29, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 9.5.

  • CVE-2023-49815CriMar 27, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3.