CWE-434

Unrestricted Upload of File with Dangerous Type

BaseDraftLikelihood: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Hierarchy (View 1000)

Parents

CWE-669

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,190)

page 17 of 60

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-51366	Cri	0.64	9.8	0.00	Nov 21, 2024	An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file.
CVE-2024-52408	Cri	0.64	9.9	0.01	Nov 16, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through <= 3.0.8.
CVE-2024-52407	Cri	0.64	9.9	0.01	Nov 16, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in BasePress BasePress Migration Tools basepress-migration-tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from n/a through <= 1.0.0.
CVE-2024-52406	Cri	0.64	9.9	0.01	Nov 16, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in wibergsweb CSV to html csv-to-html allows Upload a Web Shell to a Web Server.This issue affects CSV to html: from n/a through <= 3.26.
CVE-2024-52405	Cri	0.64	9.9	0.01	Nov 16, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in bikramjoshii B-Banner Slider b-banner-slider allows Upload a Web Shell to a Web Server.This issue affects B-Banner Slider: from n/a through <= 1.1.
CVE-2024-52404	Cri	0.64	9.9	0.01	Nov 16, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in bigfiveagency CF7 Reply Manager cf7-reply-manager.This issue affects CF7 Reply Manager: from n/a through <= 1.2.3.
CVE-2024-52403	Cri	0.64	9.9	0.01	Nov 16, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in Saad Iqbal User Management user-management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through <= 1.1.
CVE-2024-52400	Cri	0.64	9.9	0.01	Nov 16, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio gallerio allows Upload a Web Shell to a Web Server.This issue affects Gallerio: from n/a through <= 1.01.
CVE-2024-52399	Cri	0.64	9.9	0.01	Nov 16, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper writer-helper allows Upload a Web Shell to a Web Server.This issue affects Writer Helper: from n/a through <= 3.1.6.
CVE-2024-52370	Cri	0.64	9.9	0.01	Nov 14, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support hive-support allows Upload a Web Shell to a Web Server.This issue affects Hive Support: from n/a through <= 1.1.1.
CVE-2024-52369	Cri	0.64	9.9	0.01	Nov 14, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in Optimal Access KBucket kbucket allows Upload a Web Shell to a Web Server.This issue affects KBucket: from n/a through <= 4.2.2.
CVE-2024-52384	Cri	0.64	9.9	0.01	Nov 14, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in wpmonks Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation ai-content-generator allows Upload a Web Shell to a Web Server.This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation: from n/a through <= 2.4.9.
CVE-2024-50530	Cri	0.64	9.9	0.01	Nov 4, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer stars-smtp-mailer allows Upload a Web Shell to a Web Server.This issue affects Stars SMTP Mailer: from n/a through <= 2.2.1.
CVE-2024-50529	Cri	0.64	9.9	0.01	Nov 4, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in rudrainn Training – Courses training allows Upload a Web Shell to a Web Server.This issue affects Training – Courses: from n/a through <= 2.0.1.
CVE-2024-50511	Cri	0.64	9.9	0.01	Oct 30, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in donimedia WP donimedia carousel wp-donimedia-carousel allows Upload a Web Shell to a Web Server.This issue affects WP donimedia carousel: from n/a through <= 1.0.1.
CVE-2024-50480	Cri	0.64	9.9	0.01	Oct 29, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO marketing-automation-by-azexo allows Upload a Web Shell to a Web Server.This issue affects Marketing Automation by AZEXO: from n/a through <= 1.27.80.
CVE-2024-49671	Cri	0.64	9.9	0.00	Oct 23, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator for Your Content & Featured Images – AI Postpix ai-postpix allows Upload a Web Shell to a Web Server.This issue affects AI Image Generator for Your Content & Featured Images – AI Postpix: from n/a through <= 1.1.8.
CVE-2024-49669	Cri	0.64	9.9	0.00	Oct 23, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official ink-official allows Upload a Web Shell to a Web Server.This issue affects INK Official: from n/a through <= 4.1.2.
CVE-2024-49658	Cri	0.64	9.9	0.01	Oct 23, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in ecomerciar Woocommerce Custom Profile Picture woo-custom-profile-picture allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Custom Profile Picture: from n/a through <= 1.0.
CVE-2024-49652	Cri	0.64	9.9	0.01	Oct 23, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in Renata Bracichowicz 3D Work In Progress renee-work-in-progress allows Upload a Web Shell to a Web Server.This issue affects 3D Work In Progress: from n/a through <= 1.0.3.

CVE-2024-51366CriNov 21, 2024
risk 0.64cvss 9.8epss 0.00
An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file.
CVE-2024-52408CriNov 16, 2024
risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through <= 3.0.8.
CVE-2024-52407CriNov 16, 2024
risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in BasePress BasePress Migration Tools basepress-migration-tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from n/a through <= 1.0.0.
CVE-2024-52406CriNov 16, 2024
risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in wibergsweb CSV to html csv-to-html allows Upload a Web Shell to a Web Server.This issue affects CSV to html: from n/a through <= 3.26.
CVE-2024-52405CriNov 16, 2024
risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in bikramjoshii B-Banner Slider b-banner-slider allows Upload a Web Shell to a Web Server.This issue affects B-Banner Slider: from n/a through <= 1.1.
CVE-2024-52404CriNov 16, 2024
risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in bigfiveagency CF7 Reply Manager cf7-reply-manager.This issue affects CF7 Reply Manager: from n/a through <= 1.2.3.
CVE-2024-52403CriNov 16, 2024
risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Saad Iqbal User Management user-management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through <= 1.1.
CVE-2024-52400CriNov 16, 2024
risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio gallerio allows Upload a Web Shell to a Web Server.This issue affects Gallerio: from n/a through <= 1.01.
CVE-2024-52399CriNov 16, 2024
risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper writer-helper allows Upload a Web Shell to a Web Server.This issue affects Writer Helper: from n/a through <= 3.1.6.
CVE-2024-52370CriNov 14, 2024
risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support hive-support allows Upload a Web Shell to a Web Server.This issue affects Hive Support: from n/a through <= 1.1.1.
CVE-2024-52369CriNov 14, 2024
risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Optimal Access KBucket kbucket allows Upload a Web Shell to a Web Server.This issue affects KBucket: from n/a through <= 4.2.2.
CVE-2024-52384CriNov 14, 2024
risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in wpmonks Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation ai-content-generator allows Upload a Web Shell to a Web Server.This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation: from n/a through <= 2.4.9.
CVE-2024-50530CriNov 4, 2024
risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer stars-smtp-mailer allows Upload a Web Shell to a Web Server.This issue affects Stars SMTP Mailer: from n/a through <= 2.2.1.
CVE-2024-50529CriNov 4, 2024
risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in rudrainn Training – Courses training allows Upload a Web Shell to a Web Server.This issue affects Training – Courses: from n/a through <= 2.0.1.
CVE-2024-50511CriOct 30, 2024
risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in donimedia WP donimedia carousel wp-donimedia-carousel allows Upload a Web Shell to a Web Server.This issue affects WP donimedia carousel: from n/a through <= 1.0.1.
CVE-2024-50480CriOct 29, 2024
risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO marketing-automation-by-azexo allows Upload a Web Shell to a Web Server.This issue affects Marketing Automation by AZEXO: from n/a through <= 1.27.80.
CVE-2024-49671CriOct 23, 2024
risk 0.64cvss 9.9epss 0.00
Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator for Your Content & Featured Images – AI Postpix ai-postpix allows Upload a Web Shell to a Web Server.This issue affects AI Image Generator for Your Content & Featured Images – AI Postpix: from n/a through <= 1.1.8.
CVE-2024-49669CriOct 23, 2024
risk 0.64cvss 9.9epss 0.00
Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official ink-official allows Upload a Web Shell to a Web Server.This issue affects INK Official: from n/a through <= 4.1.2.
CVE-2024-49658CriOct 23, 2024
risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in ecomerciar Woocommerce Custom Profile Picture woo-custom-profile-picture allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Custom Profile Picture: from n/a through <= 1.0.
CVE-2024-49652CriOct 23, 2024
risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Renata Bracichowicz 3D Work In Progress renee-work-in-progress allows Upload a Web Shell to a Web Server.This issue affects 3D Work In Progress: from n/a through <= 1.0.3.