VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

Abstraction: Base | Status: Draft | Likelihood: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

page 41 of 84
  • CVE-2017-2737 | High | Nov 22, 2017
    risk 0.57, cvss 8.8, epss 0.01

    VCM5010 with software versions earlier than V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate uploaded files. An authenticated attacker could upload arbitrary files to the system.

  • CVE-2017-1000238 | High | Nov 17, 2017
    risk 0.57, cvss 8.8, epss 0.01

    InvoicePlane version 1.4.10 is vulnerable to an Arbitrary File Upload, in which an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver.

  • CVE-2014-2664 | High | Oct 17, 2017
    risk 0.57, cvss 8.8, epss 0.03

    Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then…

  • CVE-2017-13982 | High | Sep 30, 2017
    risk 0.57, cvss 8.8, epss 0.03

    A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.

  • CVE-2017-14399 | High | Sep 12, 2017
    risk 0.57, cvss 8.8, epss 0.01

    In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php.

  • CVE-2015-9228 | High | Sep 12, 2017
    risk 0.57, cvss 8.8, epss 0.04

    In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.

  • CVE-2017-14251 | High | Sep 11, 2017
    risk 0.57, cvss 8.8, epss 0.02

    Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.

  • CVE-2017-14050 | High | Aug 31, 2017
    risk 0.57, cvss 8.8, epss 0.01

    In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file.

  • CVE-2017-12678 | High | Aug 8, 2017
    risk 0.57, cvss 8.8, epss 0.02

    In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.

  • CVE-2017-9840 | High | Jun 25, 2017
    risk 0.57, cvss 8.8, epss 0.01

    Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.

  • CVE-2017-9069 | High | May 18, 2017
    risk 0.57, cvss 8.8, epss 0.02

    In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess.

  • CVE-2017-8080 | High | May 5, 2017
    risk 0.57, cvss 8.8, epss 0.03

    Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads.

  • CVE-2016-8921 | High | Feb 1, 2017
    risk 0.57, cvss 8.8, epss 0.02

    IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

  • CVE-2016-6124 | High | Feb 1, 2017
    risk 0.57, cvss 8.8, epss 0.02

    IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

  • CVE-2017-5520 | High | Jan 17, 2017
    risk 0.57, cvss 8.8, epss 0.02

    The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions.

  • CVE-2016-7902 | High | Jan 4, 2017
    risk 0.57, cvss 8.8, epss 0.03

    Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated…

  • CVE-2026-44088 | High | May 15, 2026
    risk 0.56, cvss not listed, epss 0.00

    SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading from the beginning of the file), but loads classes using class JarFile/URLClassLoader (reading the Central Directory from the end). It can lead to remote code execution by allowing…

  • CVE-2024-58295 | High | Dec 11, 2025
    risk 0.56, cvss not listed, epss 0.00

    ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be…

  • CVE-2025-10544 | High | Sep 26, 2025
    risk 0.56, cvss not listed, epss 0.00

    Unrestricted file upload vulnerability in DocAve 6.13.2, Perimeter 1.12.3, Compliance Guardian 4.7.1, and earlier versions, allowing administrator users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files that…

  • CVE-2025-55383 | High | Aug 21, 2025
    risk 0.56, cvss 8.6, epss 0.00

    Moss before v0.15 has a file upload vulnerability. The "upload" function configuration allows attackers to upload files of any extension to any location on the target server.