CWE-434
Unrestricted Upload of File with Dangerous Type
Description
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-1
CVEs mapped to this weakness (1,669)
page 30 of 84| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-29386 | Cri | 0.59 | 9.1 | 0.01 | Mar 26, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon: from n/a through 2.0. | ||
| CVE-2024-30231 | Cri | 0.59 | 9.1 | 0.01 | Mar 26, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1. | ||
| CVE-2024-2636 | Cri | 0.59 | 9.0 | 0.01 | Mar 19, 2024 | An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicios files to the server via '/config/espanol/update_password.jsp' file. Modifying the 'M4_NEW_PASSWORD' parameter, an attacker could store a malicious JSP file… | ||
| CVE-2023-6090 | Cri | 0.59 | 9.1 | 0.01 | Feb 29, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11. | ||
| CVE-2024-22567 | — | Hig | 0.59 | 8.8 | 0.18 | Feb 5, 2024 | File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do. | |
| CVE-2023-51412 | Cri | 0.59 | 9.0 | 0.01 | Dec 29, 2023 | Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.25. | ||
| CVE-2023-49814 | Cri | 0.59 | 9.1 | 0.01 | Dec 20, 2023 | Unrestricted Upload of File with Dangerous Type vulnerability in Symbiostock symbiostock.This issue affects Symbiostock: from n/a through 6.0.0. | ||
| CVE-2023-45603 | Cri | 0.59 | 9.0 | 0.01 | Dec 20, 2023 | Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902. | ||
| CVE-2023-40204 | Cri | 0.59 | 9.1 | 0.01 | Dec 20, 2023 | Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager.This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from… | ||
| CVE-2023-29102 | Cri | 0.59 | 9.1 | 0.01 | Dec 20, 2023 | Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1. | ||
| CVE-2023-28170 | Cri | 0.59 | 9.1 | 0.01 | Dec 20, 2023 | Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import.This issue affects Theme Demo Import: from n/a through 1.1.1. | ||
| CVE-2022-27115 | Cri | 0.59 | 9.8 | 0.29 | Apr 11, 2022 | In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload. | ||
| CVE-2018-3832 | Cri | 0.59 | 9.0 | 0.02 | Aug 23, 2018 | An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the… | ||
| CVE-2018-12468 | Cri | 0.59 | 9.1 | 0.02 | Aug 1, 2018 | A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution. | ||
| CVE-2017-7357 | Cri | 0.59 | 9.1 | 0.03 | Apr 14, 2017 | Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. | ||
| CVE-2026-1357 | Cri | 0.58 | 9.8 | 0.33 | Feb 11, 2026 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path… | ||
| CVE-2024-12854 | Hig | 0.58 | 8.8 | 0.01 | Jan 8, 2025 | The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible… | ||
| CVE-2024-53345 | Hig | 0.58 | 8.8 | 0.01 | Jan 7, 2025 | An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file. | ||
| CVE-2024-10590 | Hig | 0.58 | 8.8 | 0.01 | Dec 12, 2024 | The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. This makes it possible for authenticated attackers, with Subscriber-level access and… | ||
| CVE-2024-11082 | Cri | 0.58 | 9.9 | 0.01 | Nov 28, 2024 | The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all versions up to, and including, 1.9.15. This makes it possible for authenticated attackers, with Author-level… |
- risk 0.59cvss 9.1epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon: from n/a through 2.0.
- risk 0.59cvss 9.1epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1.
- risk 0.59cvss 9.0epss 0.01
An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicios files to the server via '/config/espanol/update_password.jsp' file. Modifying the 'M4_NEW_PASSWORD' parameter, an attacker could store a malicious JSP file…
- risk 0.59cvss 9.1epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11.
- risk 0.59cvss 8.8epss 0.18
File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do.
- risk 0.59cvss 9.0epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.25.
- risk 0.59cvss 9.1epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Symbiostock symbiostock.This issue affects Symbiostock: from n/a through 6.0.0.
- risk 0.59cvss 9.0epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902.
- risk 0.59cvss 9.1epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager.This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from…
- risk 0.59cvss 9.1epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1.
- risk 0.59cvss 9.1epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import.This issue affects Theme Demo Import: from n/a through 1.1.1.
- risk 0.59cvss 9.8epss 0.29
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.
- risk 0.59cvss 9.0epss 0.02
An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the…
- risk 0.59cvss 9.1epss 0.02
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution.
- risk 0.59cvss 9.1epss 0.03
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.
- risk 0.58cvss 9.8epss 0.33
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path…
- risk 0.58cvss 8.8epss 0.01
The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible…
- risk 0.58cvss 8.8epss 0.01
An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file.
- risk 0.58cvss 8.8epss 0.01
The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. This makes it possible for authenticated attackers, with Subscriber-level access and…
- risk 0.58cvss 9.9epss 0.01
The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all versions up to, and including, 1.9.15. This makes it possible for authenticated attackers, with Author-level…