VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

BaseDraftLikelihood: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,190)

page 25 of 60
  • CVE-2024-5441HigJul 9, 2024
    risk 0.59cvss 8.8epss 0.20

    The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image function in all versions up to, and including, 7.11.0. This makes it possible for authenticated attackers, with subscriber access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The plugin allows administrators (via its settings) to extend the ability to submit events to unauthenticated users, which would allow unauthenticated attackers to exploit this vulnerability.

  • CVE-2024-34440CriMay 14, 2024
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.2.63.

  • CVE-2024-34416CriMay 14, 2024
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager.This issue affects Pk Favicon Manager: from n/a through 2.1.

  • CVE-2024-32954CriApr 24, 2024
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5.

  • CVE-2024-32836CriApr 24, 2024
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.5.11.

  • CVE-2024-31345CriApr 7, 2024
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster.This issue affects Auto Poster: from n/a through 1.2.

  • CVE-2024-27951CriApr 3, 2024
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows Upload a Web Shell to a Web Server.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0.

  • CVE-2024-2890CriMar 28, 2024
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12.

  • CVE-2024-29100CriMar 28, 2024
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.

  • CVE-2023-47846CriMar 26, 2024
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.This issue affects WP Githuber MD: from n/a through 1.16.2.

  • CVE-2023-47842CriMar 26, 2024
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.

  • CVE-2023-29386CriMar 26, 2024
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon: from n/a through 2.0.

  • CVE-2024-30231CriMar 26, 2024
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1.

  • CVE-2024-2636CriMar 19, 2024
    risk 0.59cvss 9.0epss 0.00

    An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicios files to the server via '/config/espanol/update_password.jsp' file. Modifying the 'M4_NEW_PASSWORD' parameter, an attacker could store a malicious JSP file inside the file directory, to be executed the the file is loaded in the application.

  • CVE-2023-6090CriFeb 29, 2024
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11.

  • CVE-2023-51412CriDec 29, 2023
    risk 0.59cvss 9.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.25.

  • CVE-2023-49814CriDec 20, 2023
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Symbiostock symbiostock.This issue affects Symbiostock: from n/a through 6.0.0.

  • CVE-2023-45603CriDec 20, 2023
    risk 0.59cvss 9.0epss 0.02

    Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902.

  • CVE-2023-40204CriDec 20, 2023
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager.This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2.

  • CVE-2023-29102CriDec 20, 2023
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1.