CWE-434
Unrestricted Upload of File with Dangerous Type
Description
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-1
CVEs mapped to this weakness (1,669)
Page 41 of 84

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2737 | — | High | 0.57 | 8.8 | 0.01 | — | Nov 22, 2017 | VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system. |
| CVE-2017-1000238 | — | High | 0.57 | 8.8 | 0.01 | — | Nov 17, 2017 | InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver. |
| CVE-2014-2664 | — | High | 0.57 | 8.8 | 0.03 | — | Oct 17, 2017 | Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then… |
| CVE-2017-13982 | — | High | 0.57 | 8.8 | 0.03 | — | Sep 30, 2017 | A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. |
| CVE-2017-14399 | — | High | 0.57 | 8.8 | 0.01 | — | Sep 12, 2017 | In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php. |
| CVE-2015-9228 | — | High | 0.57 | 8.8 | 0.04 | — | Sep 12, 2017 | In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. |
| CVE-2017-14251 | — | High | 0.57 | 8.8 | 0.02 | — | Sep 11, 2017 | Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code. |
| CVE-2017-14050 | — | High | 0.57 | 8.8 | 0.01 | — | Aug 31, 2017 | In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file. |
| CVE-2017-12678 | — | High | 0.57 | 8.8 | 0.02 | — | Aug 8, 2017 | In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. |
| CVE-2017-9840 | — | High | 0.57 | 8.8 | 0.01 | — | Jun 25, 2017 | Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application. |
| CVE-2017-9069 | — | High | 0.57 | 8.8 | 0.02 | — | May 18, 2017 | In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess. |
| CVE-2017-8080 | — | High | 0.57 | 8.8 | 0.03 | — | May 5, 2017 | Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. |
| CVE-2016-8921 | — | High | 0.57 | 8.8 | 0.02 | — | Feb 1, 2017 | IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. |
| CVE-2016-6124 | — | High | 0.57 | 8.8 | 0.02 | — | Feb 1, 2017 | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. |
| CVE-2017-5520 | — | High | 0.57 | 8.8 | 0.02 | — | Jan 17, 2017 | The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions. |
| CVE-2016-7902 | — | High | 0.57 | 8.8 | 0.03 | — | Jan 4, 2017 | Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated… |
| CVE-2026-44088 | — | High | 0.56 | — | 0.00 | — | May 15, 2026 | SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading from the beginning of the file), but loads classes using class JarFile/URLClassLoader (reading the Central Directory from the end). It can lead to remote code execution by allowing… |
| CVE-2024-58295 | — | High | 0.56 | — | 0.00 | — | Dec 11, 2025 | ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be… |
| CVE-2025-10544 | — | High | 0.56 | — | 0.00 | — | Sep 26, 2025 | Unrestricted file upload vulnerability in DocAve 6.13.2, Perimeter 1.12.3, Compliance Guardian 4.7.1, and earlier versions, allowing administrator users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files that… |
| CVE-2025-55383 | — | High | 0.56 | 8.6 | 0.00 | — | Aug 21, 2025 | Moss before v0.15 has a file upload vulnerability. The "upload" function configuration allows attackers to upload files of any extension to any location on the target server. |