VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

Base | Draft | Likelihood: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

  • CVE-2025-10049 | High | Sep 10, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the HdnMediaSelection_image field in all versions up to, and including, 1.0.24. This makes it possible for authenticated attackers, with…

  • CVE-2025-10116 | High | Sep 9, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/file_upload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used.

  • CVE-2025-9515 | High | Sep 6, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in all versions up to, and including, 1.7.25. This makes it possible for authenticated attackers, with Administrator-level access and…

  • CVE-2025-6085 | High | Sep 4, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with Administrator-level…

  • CVE-2025-9775 | High | Sep 1, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be…

  • CVE-2025-9772 | High | Sep 1, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file /staff/edit.php. Performing manipulation of the argument image results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. This…

  • CVE-2025-9476 | High | Aug 26, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability has been found in SourceCodester Human Resource Information System 1.0. Affected by this issue is some unknown functionality of the file /Superadmin_Dashboard/process/editemployee_process.php. Such manipulation of the argument employee_file201 leads to…

  • CVE-2025-9475 | High | Aug 26, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A flaw has been found in SourceCodester Human Resource Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin_Dashboard/process/editemployee_process.php. This manipulation of the argument employee_file201 causes unrestricted upload.…

  • CVE-2025-8798 | High | Aug 10, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability was found in oitcode samarium up to 0.9.6. It has been classified as critical. Affected is an unknown function of the file /dashboard/product of the component Create Product Page. The manipulation leads to unrestricted upload. It is possible to launch the attack…

  • CVE-2025-8255 | High | Jul 28, 2025
    risk 0.47 | cvss 7.3 | epss 0.01

    A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /register.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely.…

  • CVE-2025-7931 | High | Jul 21, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /members/admin_pic.php. The manipulation of the argument image leads to unrestricted upload. The attack may be…

  • CVE-2025-7917 | High | Jul 21, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

  • CVE-2025-7547 | High | Jul 13, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability, which was classified as critical, was found in Campcodes Online Movie Theater Seat Reservation System 1.0. This affects the function save_movie of the file /admin/admin_class.php. The manipulation of the argument cover leads to unrestricted upload. It is…

  • CVE-2025-7538 | High | Jul 13, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/product_update.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely.…

  • CVE-2025-7470 | High | Jul 12, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been classified as critical. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack…

  • CVE-2025-6586 | High | Jul 4, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    The Download Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dpwap_plugin_locInstall function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with Administrator-level…

  • CVE-2025-6843 | High | Jun 29, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been classified as critical. Affected is an unknown function of the file /upload-photo.php. The manipulation of the argument file_img leads to unrestricted upload. It is possible to launch the attack…

  • CVE-2025-23171 | High | Jun 19, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the Versa Director…

  • CVE-2025-6086 | High | Jun 18, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    The CSV Me plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'csv_me_options_page' function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Administrator-level access…

  • CVE-2025-6161 | High | Jun 17, 2025
    risk 0.47 | cvss 7.3 | epss 0.01

    A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack…