VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

BaseDraftLikelihood: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

page 20 of 84
  • CVE-2023-51410CriDec 29, 2023
    risk 0.64cvss 9.9epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log.This issue affects WP Mail Log: from n/a through 1.1.2.

  • CVE-2023-25970CriDec 20, 2023
    risk 0.64cvss 9.8epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop – Global Dropshipping.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0.

  • CVE-2023-46149CriDec 20, 2023
    risk 0.64cvss 9.9epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5.

  • CVE-2023-34385CriDec 20, 2023
    risk 0.64cvss 9.9epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus.This issue affects Export Import Menus: from n/a through 1.8.0.

  • CVE-2023-34007CriDec 20, 2023
    risk 0.64cvss 9.9epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3.

  • CVE-2023-33318CriDec 20, 2023
    risk 0.64cvss 9.9epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.40.

  • CVE-2023-31231CriDec 20, 2023
    risk 0.64cvss 9.9epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65.

  • CVE-2023-31215CriDec 20, 2023
    risk 0.64cvss 9.9epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon.This issue affects Dropshipping & Affiliation with Amazon: from n/a through 2.1.2.

  • CVE-2023-5636CriDec 1, 2023
    risk 0.64cvss 9.8epss 0.02

    Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection. This issue affects Education Portal: before v1.1.

  • CVE-2020-36706CriOct 20, 2023
    risk 0.64cvss 9.8epss 0.02

    The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to…

  • CVE-2023-4596CriAug 30, 2023
    risk 0.64cvss 9.8epss 0.13

    The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated…

  • CVE-2023-3049CriJun 13, 2023
    risk 0.64cvss 9.8epss 0.04

    Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection.This issue affects Lockcell: before 15.

  • CVE-2019-25138CriJun 7, 2023
    risk 0.64cvss 9.8epss 0.02

    The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files…

  • CVE-2016-15033CriJun 7, 2023
    risk 0.64cvss 9.8epss 0.02

    The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary…

  • CVE-2023-2712CriMay 20, 2023
    risk 0.64cvss 9.8epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15.

  • CVE-2023-1728CriApr 4, 2023
    risk 0.64cvss 9.8epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection. This issue affects LMS: before 23.04.03.

  • CVE-2022-0888CriMar 23, 2022
    risk 0.64cvss 9.8epss 0.39

    The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to…

  • CVE-2021-41646CriOct 29, 2021
    risk 0.64cvss 9.8epss 0.07

    Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters..

  • CVE-2015-9271CriOct 4, 2018
    risk 0.64cvss 9.8epss 0.04

    The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code,…

  • CVE-2018-17573CriSep 28, 2018
    risk 0.64cvss 9.8epss 0.03

    The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and…