VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

BaseDraftLikelihood: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

page 29 of 84
  • CVE-2025-22152CriJan 10, 2025
    risk 0.59cvss 9.1epss 0.01

    Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can be exploited through…

  • CVE-2024-56054CriDec 18, 2024
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2.

  • CVE-2024-54285CriDec 16, 2024
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro allows Upload a Web Shell to a Web Server.This issue affects SeedProd Pro: from n/a through 6.18.10.

  • CVE-2024-52397CriNov 16, 2024
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post convert-docx2post allows Upload a Web Shell to a Web Server.This issue affects Convert Docx2post: from n/a through <= 1.4.

  • CVE-2024-52398CriNov 16, 2024
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI collect-and-deliver-interface-for-woocommerce.This issue affects CDI: from n/a through <= 5.5.3.

  • CVE-2024-47649CriOct 16, 2024
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize iconize.This issue affects Iconize: from n/a through <= 1.2.4.

  • CVE-2024-38736CriJul 12, 2024
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.13.

  • CVE-2024-38734CriJul 12, 2024
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Code Injection.This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.4.

  • CVE-2024-37555CriJul 9, 2024
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7 generate-pdf-using-contact-form-7.This issue affects Generate PDF using Contact Form 7: from n/a through <= 4.1.2.

  • CVE-2024-5441HigJul 9, 2024
    risk 0.59cvss 8.8epss 0.01

    The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image function in all versions up to, and including, 7.11.0. This makes it possible for authenticated attackers, with subscriber access…

  • CVE-2024-34440CriMay 14, 2024
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.2.63.

  • CVE-2024-34416CriMay 14, 2024
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager.This issue affects Pk Favicon Manager: from n/a through 2.1.

  • CVE-2024-32954CriApr 24, 2024
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5.

  • CVE-2024-32836CriApr 24, 2024
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.5.11.

  • CVE-2024-31345CriApr 7, 2024
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster.This issue affects Auto Poster: from n/a through 1.2.

  • CVE-2024-27951CriApr 3, 2024
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows Upload a Web Shell to a Web Server.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0.

  • CVE-2024-2890CriMar 28, 2024
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12.

  • CVE-2024-29100CriMar 28, 2024
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.

  • CVE-2023-47846CriMar 26, 2024
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.This issue affects WP Githuber MD: from n/a through 1.16.2.

  • CVE-2023-47842CriMar 26, 2024
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.