VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

BaseDraftLikelihood: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

page 52 of 84
  • CVE-2025-12867HigNov 10, 2025
    risk 0.47cvss 7.2epss 0.01

    EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

  • CVE-2025-12378HigOct 28, 2025
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addproduct.php. Performing manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely. The…

  • CVE-2025-12301HigOct 27, 2025
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /editproduct.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has…

  • CVE-2025-11889HigOct 24, 2025
    risk 0.47cvss 7.2epss 0.01

    The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.18. This makes it possible for authenticated attackers, with…

  • CVE-2025-10754HigOct 15, 2025
    risk 0.47cvss 7.2epss 0.01

    The DocoDoco Store Locator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Editor-level access…

  • CVE-2025-10051HigOct 15, 2025
    risk 0.47cvss 7.2epss 0.01

    The Demo Import Kit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.0 via the import functionality. This makes it possible for authenticated attackers, with Administrator-level access and…

  • CVE-2025-11675HigOct 13, 2025
    risk 0.47cvss 7.2epss 0.01

    Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

  • CVE-2025-11660HigOct 13, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this issue is some unknown functionality of the file /assets/uploadSllyabus.php. Such manipulation of the argument File leads to…

  • CVE-2025-11659HigOct 13, 2025
    risk 0.47cvss 7.3epss 0.01

    A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/uploadNotes.php. This manipulation of the argument File causes unrestricted…

  • CVE-2025-11658HigOct 13, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected is an unknown function of the file /assets/changeSllyabus.php. The manipulation of the argument File results in unrestricted upload. The attack…

  • CVE-2025-11657HigOct 13, 2025
    risk 0.47cvss 7.3epss 0.01

    A security vulnerability has been detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This impacts an unknown function of the file /assets/createNotice.php. The manipulation of the argument File leads to unrestricted upload.…

  • CVE-2025-11656HigOct 13, 2025
    risk 0.47cvss 7.3epss 0.01

    A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown function of the file /assets/editNotes.php. Executing manipulation of the argument File can lead to unrestricted upload. The…

  • CVE-2025-11347HigOct 7, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can…

  • CVE-2025-11318HigOct 6, 2025
    risk 0.47cvss 7.3epss 0.01

    A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This vulnerability affects unknown code of the file uploadWxFile.do. The manipulation of the argument File results in…

  • CVE-2025-10747HigSep 26, 2025
    risk 0.47cvss 7.2epss 0.01

    The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access…

  • CVE-2025-10600HigSep 17, 2025
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in SourceCodester Online Exam Form Submission 1.0. This impacts an unknown function of the file /register.php. This manipulation of the argument img causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published…

  • CVE-2025-10447HigSep 15, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in Campcodes Online Job Finder System 1.0. The impacted element is an unknown function of the file /eris/applicationform.php. The manipulation of the argument picture results in unrestricted upload. It is possible to launch the attack remotely. The…

  • CVE-2025-10425HigSep 15, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The impacted element is an unknown function of the file /admin/controller/student_controller.php. Such manipulation of the argument new_image leads to unrestricted…

  • CVE-2025-10424HigSep 15, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an unknown function of the file /admin/controller/faculty_controller.php. This manipulation of the argument new_image causes unrestricted…

  • CVE-2025-10371HigSep 13, 2025
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in eCharge Hardy Barth Salia PLCC up to 2.3.81. This issue affects some unknown processing of the file /api.php. The manipulation of the argument setrfidlist results in unrestricted upload. The attack may be performed from remote. The exploit…