VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

Abstraction: Base · Status: Draft · Likelihood: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

page 46 of 84
  • CVE-2022-29637 (High) · May 26, 2022
    risk 0.51 · cvss 7.8 · epss 0.01

    An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file.

  • CVE-2022-26149 (High) · Feb 26, 2022
    risk 0.51 · cvss 7.2 · epss 0.09

    MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.

  • CVE-2020-13241 (High) · May 20, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file.

  • CVE-2020-10963 (High) · Mar 25, 2020
    risk 0.51 · cvss 7.2 · epss 0.15

    FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued.

  • CVE-2017-2699 (High) · Nov 22, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could exploit this vulnerability to upload theme packs containing malicious files and…

  • CVE-2017-11154 (High) · Aug 8, 2017
    risk 0.51 · cvss 7.2 · epss 0.14

    Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.

  • CVE-2015-1000013 (High) · Oct 6, 2016
    risk 0.51 · cvss 7.8 · epss 0.02

    Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1

  • CVE-2026-46400 (High) · Jun 5, 2026
    risk 0.50 · cvss not listed · epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type.…

  • CVE-2026-9227 (High) · May 28, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a flawed strpos() substring check that only verifies whether the filename…

  • CVE-2026-45315 (High) · May 15, 2026
    risk 0.50 · cvss 8.7 · epss 0.00

    Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHE_DIR/audio/transcriptions/.. The…

  • CVE-2026-42844 (High) · May 12, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created account with api.super privileges. This…

  • CVE-2026-41938 (High) · May 6, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler.…

  • CVE-2026-6249 (High) · Apr 20, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and…

  • CVE-2026-40488 (High) · Apr 20, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the product custom option file upload in OpenMage LTS…

  • CVE-2026-40262 (High) · Apr 17, 2026
    risk 0.50 · cvss 8.7 · epss 0.00

    Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-byte detection for content type, which does not identify text-based formats such as HTML, SVG, or XHTML. These files are…

  • CVE-2019-25673 (High) · Apr 5, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. Attackers can upload PHP files with the type parameter set to…

  • CVE-2025-32957 (High) · Mar 31, 2026
    risk 0.50 · cvss 8.7 · epss 0.01

    baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the…

  • CVE-2026-33687 (High) · Mar 26, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the `ApiFormUploadController`…

  • CVE-2025-13067 (High) · Mar 11, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. This is due to insufficient file type validation detecting files named main.php, allowing a file with such a name to bypass sanitization.…

  • CVE-2026-1565 (High) · Feb 26, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WPUF_Admin_Settings::check_filetype_and_ext' function and in the…