VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

Abstraction: Base | Status: Draft | Likelihood: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

page 3 of 84
  • CVE-2024-51788 | Critical | Nov 11, 2024
    risk 0.70 | cvss 10.0 | epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory noveldesign-store-directory allows Upload a Web Shell to a Web Server. This issue affects The Novel Design Store Directory: from n/a through <= 4.3.0.

  • CVE-2024-50473 | Critical | Oct 29, 2024
    risk 0.70 | cvss 10.0 | epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server. This issue affects Ajar in5 Embed: from n/a through <= 3.1.3.

  • CVE-2024-50427 | Critical | Oct 29, 2024
    risk 0.70 | cvss 9.9 | epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in devsoftbaltic SurveyJS surveyjs. This issue affects SurveyJS: from n/a through <= 1.9.136.

  • CVE-2024-9932 | Critical | Oct 26, 2024
    risk 0.70 | cvss 9.8 | epss 0.38

    The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary…

  • CVE-2024-49668 | Critical | Oct 23, 2024
    risk 0.70 | cvss 10.0 | epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in christopherdewese1099 Verbalize WP verbalize-wp allows Upload a Web Shell to a Web Server. This issue affects Verbalize WP: from n/a through <= 1.0.

  • CVE-2021-4449 | Critical | Oct 16, 2024
    risk 0.70 | cvss 9.8 | epss 0.05

    The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's…

  • CVE-2024-32700 | Critical | May 14, 2024
    risk 0.70 | cvss 10.0 | epss 0.03

    Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress. This issue affects Kognetiks Chatbot for WordPress: from n/a through 2.0.0.

  • CVE-2018-17440 | Critical | Oct 8, 2018
    risk 0.70 | cvss 9.8 | epss 0.37

    An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP…

  • CVE-2018-6580 | Critical | Feb 2, 2018
    risk 0.70 | cvss 9.8 | epss 0.37

    Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request.

  • CVE-2015-4455 | Critical | May 23, 2017
    risk 0.70 | cvss 9.8 | epss 0.41

    Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct…

  • CVE-2014-125126 | Critical | Jul 31, 2025
    risk 0.69 | cvss | epss 0.02

    An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3) with HTTP requests. The application’s upload mechanism fails to restrict…

  • CVE-2014-125116 | Critical | Jul 25, 2025
    risk 0.69 | cvss | epss 0.02

    A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file.…

  • CVE-2025-34040 | Critical | Jun 24, 2025
    risk 0.69 | cvss | epss 0.14

    An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of…

  • CVE-2024-54262 | Critical | Dec 13, 2024
    risk 0.69 | cvss 9.9 | epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Upload a Web Shell to a Web Server. This issue affects Import Export For WooCommerce: from n/a through <= 1.6.2.

  • CVE-2024-9290 | Critical | Dec 13, 2024
    risk 0.69 | cvss 9.8 | epss 0.04

    The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3. This makes it…

  • CVE-2024-51793 | Critical | Nov 11, 2024
    risk 0.69 | cvss 10.0 | epss 0.02

    Unrestricted Upload of File with Dangerous Type vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Upload a Web Shell to a Web Server. This issue affects RepairBuddy: from n/a through <= 3.8115.

  • CVE-2024-50493 | Critical | Oct 29, 2024
    risk 0.69 | cvss 10.0 | epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation automatic-translation allows Upload a Web Shell to a Web Server. This issue affects Automatic Translation: from n/a through <= 1.0.4.

  • CVE-2024-50482 | Critical | Oct 29, 2024
    risk 0.69 | cvss 10.0 | epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Upload a Web Shell to a Web Server. This issue affects Woocommerce Product Design: from n/a through <= 1.0.0.

  • CVE-2024-49653 | Critical | Oct 23, 2024
    risk 0.69 | cvss 9.9 | epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in james-eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server. This issue affects Portfolleo: from n/a through <= 1.2.

  • CVE-2016-10036 | Critical | May 1, 2018
    risk 0.69 | cvss 9.8 | epss 0.26

    Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of…