VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

Abstraction: Base
Status: Draft
Likelihood of Exploit: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
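As an added example (not code from VYPR, MITRE, or any product in the CVE list on this page), the following Python shows the naive "is it .php?" check next to a hardened validator and store routine for an image-upload endpoint. It is exercised against the bypass shapes that recur in the CVEs on this page: double extensions, trailing-character tricks such as filename.+php, server-interpreted types like .phar and .shtml, bodies that are not the declared type, size limits enforced on the received bytes rather than a client-declared length, and two uploads with the same client name that must not overwrite each other. The function names, the allowlists, and the sample bodies are assumptions for the example.

```python
import os
import secrets
import tempfile

# Hypothetical policy for an image-upload endpoint (assumed for this example):
# an allowlist of accepted extensions; anything else is rejected.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif"}

# Leading bytes each accepted type must carry, so a script renamed to .png is
# caught by its contents rather than by its name.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Segments refused between the base name and the final extension
# ("shell.php.png"): servers and frameworks differ in which segment they
# dispatch on, so any double extension involving these is rejected outright.
SERVER_SIDE_TOKENS = {
    "php", "php3", "phtml", "phar", "shtml", "jsp", "jspx", "asp", "aspx",
    "cgi", "pl", "py", "htaccess", "html", "htm", "svg", "js",
}

MAX_BYTES = 5 * 1024 * 1024


def vulnerable_is_allowed(filename: str) -> bool:
    """The broken check: trust the client filename and look only for an exact
    '.php' suffix. 'shell.php.png', 'shell.PHP', 'shell.php+' and 'shell.phar'
    all pass."""
    return not filename.endswith(".php")


def validate_upload(filename: str, content: bytes, max_bytes: int = MAX_BYTES) -> tuple:
    """Return (True, extension) or (False, reason). Every decision is made from
    the bytes actually received, never from a client-declared Content-Type or
    Content-Length."""
    # 1. Size of the received body, enforced server-side.
    if not content or len(content) > max_bytes:
        return False, "size"
    # 2. Name hygiene: drop any directory part the client sent; refuse control
    #    characters and null bytes; refuse trailing dots, spaces and pluses
    #    that some filesystems or servers strip ('shell.php.' -> 'shell.php').
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if base in ("", ".", "..") or any(ord(c) < 0x20 for c in base):
        return False, "name"
    if base != base.rstrip(". +"):
        return False, "name"
    # 3. Extension: case-insensitive, last segment must be allowlisted, and no
    #    inner segment may be a server-interpreted type.
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "extension"
    ext = parts[-1]
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension"
    if any(seg in SERVER_SIDE_TOKENS for seg in parts[1:-1]):
        return False, "double-extension"
    # 4. The body must start like the type the extension claims.
    if not content.startswith(MAGIC[ext]):
        return False, "magic"
    return True, ext


def store_upload(filename: str, content: bytes, upload_dir: str) -> str:
    """Validate, then write under a server-generated random name. The client's
    name never reaches the filesystem, so it cannot pick a path or overwrite an
    existing file. upload_dir is assumed to sit outside the web root."""
    ok, info = validate_upload(filename, content)
    if not ok:
        raise ValueError(f"rejected upload ({info}): {filename!r}")
    stored = f"{secrets.token_hex(16)}.{info}"
    # O_EXCL: fail instead of silently replacing a file that already exists.
    fd = os.open(os.path.join(upload_dir, stored),
                 os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    return stored


def download_headers(stored: str) -> dict:
    """Headers for serving a stored file back: Content-Type from the server-side
    extension, no sniffing, and forced download so that if the allowlist ever
    widens to HTML or SVG the body is never rendered in the app's origin."""
    ctype = {"png": "image/png", "jpg": "image/jpeg", "jpeg": "image/jpeg",
             "gif": "image/gif"}[stored.rsplit(".", 1)[-1]]
    return {"Content-Type": ctype,
            "X-Content-Type-Options": "nosniff",
            "Content-Disposition": f'attachment; filename="{stored}"'}


# Constructed sample bodies (not real files): a minimal PNG header and a PHP stub.
PNG_BODY = b"\x89PNG\r\n\x1a\n" + bytes(16)
PHP_BODY = b"<?php system($_GET['c']); ?>"


def demo_same_name_twice() -> tuple:
    """Two uploads with the same client filename land under two different
    server-generated names in a throwaway directory: no overwrite."""
    d = tempfile.mkdtemp()
    return store_upload("avatar.png", PNG_BODY, d), store_upload("avatar.png", PNG_BODY, d)
```

The order of the checks matters: name hygiene runs before the extension split so that "shell.php." and "shell.php+" are refused as names rather than being normalised into an allowed-looking extension, and the magic check runs last because it is only meaningful once the extension is known. None of this replaces the server-side configuration (no script execution in the upload directory, or better, a directory outside the web root); it is the application-layer half of the fix.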

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

page 49 of 84
  • CVE-2025-7438 (High), Jul 18, 2025
    risk 0.49, CVSS 7.5, EPSS 0.01

    The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'install_and_activate_plugin' function in all versions up to, and including, 4.7.9. This makes it possible for authenticated attackers, with…

  • CVE-2024-8232 (High), Sep 10, 2024
    risk 0.49, CVSS 7.5, EPSS 0.13

    SpiderControl SCADA Web Server has a vulnerability that could allow an attacker to upload specially crafted malicious files without authentication.

  • CVE-2024-30533 (High), Mar 31, 2024
    risk 0.49, CVSS 7.5, EPSS 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Techeshta Layouts for Elementor. This issue affects Layouts for Elementor: from n/a before 1.8.

  • CVE-2023-5637 (High), Dec 1, 2023
    risk 0.49, CVSS 7.5, EPSS 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable. This issue affects Education Portal: before v1.1.

  • CVE-2022-27261 (High), Apr 12, 2022
    risk 0.49, CVSS 7.5, EPSS 0.01

    An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server.

  • CVE-2020-8162 (High), Jun 19, 2020
    risk 0.49, CVSS 7.5, EPSS 0.03

    A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.

  • CVE-2019-17352 (High), Oct 8, 2019
    risk 0.49, CVSS 7.5, EPSS 0.02

    In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain…

  • CVE-2018-17055 (High), Sep 28, 2018
    risk 0.49, CVSS 7.5, EPSS 0.01

    An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads.

  • CVE-2018-11196 (High), Jun 1, 2018
    risk 0.49, CVSS 7.5, EPSS 0.01

    Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) does…

  • CVE-2018-11322 (High), May 22, 2018
    risk 0.49, CVSS 7.5, EPSS 0.02

    An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.

  • CVE-2018-9157 (High), Apr 1, 2018
    risk 0.49, CVSS 7.5, EPSS 0.03

    An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP…

  • CVE-2018-9156 (High), Apr 1, 2018
    risk 0.49, CVSS 7.5, EPSS 0.04

    An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP…

  • CVE-2017-16736 (High), Jan 12, 2018
    risk 0.49, CVSS 7.5, EPSS 0.02

    An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files.

  • CVE-2017-11326 (High), Jul 24, 2017
    risk 0.49, CVSS 7.5, EPSS 0.01

    An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation.

  • CVE-2016-7452 (High), Nov 3, 2016
    risk 0.49, CVSS 7.5, EPSS 0.02

    The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.

  • CVE-2025-15503 (High), Jan 10, 2026
    risk 0.48, CVSS 7.3, EPSS 0.02

    A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. Performing a manipulation of the argument File results in unrestricted upload.…

  • CVE-2025-7114 (High), Jul 7, 2025
    risk 0.48, CVSS 7.3, EPSS 0.01

    A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The…

  • CVE-2024-28147 (High), Jun 20, 2024
    risk 0.48, CVSS 7.4, EPSS 0.01

    An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image (Stored …

  • CVE-2022-30945 (High), May 17, 2022
    risk 0.48, CVSS 8.5, EPSS 0.01

    Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.

  • CVE-2016-10258 (Medium), Apr 11, 2018
    risk 0.48, CVSS 6.8, EPSS 0.05

    Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and…