VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

Abstraction: Base | Status: Draft | Likelihood of exploit: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
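Worked example (added here; it is not code from VYPR or from any product in the CVE list on this page). It shows an upload validator that closes the failure modes recurring across the mapped CVEs: trusting the client's Content-Type, blacklists that miss case variants or double extensions, directory traversal in the supplied filename, browser-executable formats such as SVG, and storing the file under the client's chosen name. The allow-list, the magic-byte table, the helper names validate_upload, is_accepted and run_samples, and the sample uploads at the bottom are all constructed for the illustration.

```python
import os
import secrets
from typing import Optional

# Allow-list of the extensions this (hypothetical) application needs, each
# paired with the leading bytes a genuine file of that type starts with.
# Anything not listed is rejected; this allow-list is the primary control.
ALLOWED_TYPES = {
    "png":  (b"\x89PNG\r\n\x1a\n",),
    "jpg":  (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "pdf":  (b"%PDF-",),
}

# Server- or browser-executable extensions. A file is rejected if ANY dotted
# segment between the name and the final extension matches, which catches
# shell.php.png on servers that honour multiple extensions. This is a second
# layer over the allow-list, not a blacklist used on its own.
EXECUTABLE_SEGMENTS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar",
    "jsp", "jspx", "asp", "aspx", "cgi", "pl", "py", "sh",
    "svg", "html", "htm", "xhtml", "shtml", "js",
}


class UploadRejected(ValueError):
    """Raised with a reason when an upload fails validation."""


def validate_upload(filename: str, data: bytes,
                    declared_mime: Optional[str] = None) -> str:
    """Validate an upload and return a server-chosen storage name.

    declared_mime is the client's Content-Type. It is accepted so callers can
    log it, but it never influences the decision because the client sets it.
    """
    # 1. Drop any directory component and reject null bytes, so neither
    #    "../../x.png" nor "x.php\x00.png" reaches the filesystem as sent.
    base = os.path.basename(filename.replace("\\", "/"))
    if base in ("", ".", "..") or "\x00" in base:
        raise UploadRejected("invalid filename")

    # 2. Lower-case, then treat the last dotted segment as the extension. It
    #    must be allow-listed, and no inner segment may be executable.
    segments = base.lower().split(".")
    if len(segments) < 2 or not segments[-1]:
        raise UploadRejected("missing extension")
    ext = segments[-1]
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension .{ext} is not allowed")
    if any(seg in EXECUTABLE_SEGMENTS for seg in segments[1:-1]):
        raise UploadRejected("executable extension embedded in filename")

    # 3. The bytes must look like the type the extension claims.
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match extension")

    # 4. Store under a random name: the client's name never reaches disk, so
    #    trailing dots, Unicode lookalikes or predictable paths cannot matter.
    return f"{secrets.token_hex(16)}.{ext}"


def is_accepted(filename: str, data: bytes,
                declared_mime: Optional[str] = None) -> bool:
    """True if validate_upload would store the file, False if it rejects it."""
    try:
        validate_upload(filename, data, declared_mime)
        return True
    except UploadRejected:
        return False


# Constructed sample uploads (not real captures), one per failure mode.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
WEBSHELL = b"<?php system($_GET['c']); ?>"
SVG_WITH_SCRIPT = b"<svg xmlns='http://www.w3.org/2000/svg'><script>alert(1)</script></svg>"

SAMPLES = [
    ("logo.png",           PNG_MAGIC,       "image/png"),      # genuine image
    ("shell.php",          WEBSHELL,        "image/png"),      # MIME type lies
    ("shell.php.png",      PNG_MAGIC,       "image/png"),      # double extension
    ("shell.PhP",          WEBSHELL,        "image/png"),      # case bypass
    ("fake.png",           WEBSHELL,        "image/png"),      # wrong content
    ("logo.svg",           SVG_WITH_SCRIPT, "image/svg+xml"),  # script-bearing SVG
    ("../../../etc/x.png", PNG_MAGIC,       "image/png"),      # traversal stripped
    ("null.php\x00.png",   WEBSHELL,        "image/png"),      # null-byte trick
]


def run_samples() -> dict:
    """Return {filename: accepted?} for every constructed sample."""
    return {name: is_accepted(name, data, mime) for name, data, mime in SAMPLES}


if __name__ == "__main__":
    for name, ok in run_samples().items():
        print(f"{name!r:24} -> {'stored' if ok else 'rejected'}")
```

Of the eight samples only logo.png and the traversal case are stored, and the latter only because os.path.basename reduced it to x.png before a random storage name was chosen. The declared MIME type is deliberately unused in the decision; validators that compare it instead of the bytes are the pattern behind several entries in the list.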

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

page 56 of 84
  • CVE-2017-17987 | High | Dec 30, 2017
    risk 0.47 | cvss 7.2 | epss 0.01

    PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php.

  • CVE-2017-15876 | High | Dec 19, 2017
    risk 0.47 | cvss 7.2 | epss 0.02

    Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell.

  • CVE-2017-15673 | High | Nov 28, 2017
    risk 0.47 | cvss 7.2 | epss 0.02

    The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.

  • CVE-2017-14958 | High | Oct 2, 2017
    risk 0.47 | cvss 7.2 | epss 0.01

    lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file.

  • CVE-2017-11466 | High | Jul 20, 2017
    risk 0.47 | cvss 7.2 | epss 0.08

    Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to…

  • CVE-2016-6104 | High | Feb 7, 2017
    risk 0.47 | cvss 7.2 | epss 0.03

    IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system.

  • CVE-2016-9268 | High | Nov 10, 2016
    risk 0.47 | cvss 7.2 | epss 0.05

    Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with a zip extension, and then accessing it…

  • CVE-2026-46489 | High | Jun 11, 2026
    risk 0.46 | cvss 8.1 | epss 0.00

    SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected…

  • CVE-2026-45089 | High | May 27, 2026
    risk 0.46 | cvss 8.2 | epss 0.00

    Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then…

  • CVE-2026-41269 | High | Apr 23, 2026
    risk 0.46 | cvss 7.1 | epss 0.00

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend…

  • CVE-2026-5718 | High | Apr 17, 2026
    risk 0.46 | cvss 8.1 | epss 0.04

    The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.7. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which…

  • CVE-2026-3459 | High | Mar 5, 2026
    risk 0.46 | cvss 8.1 | epss 0.01

    The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for…

  • CVE-2025-14800 | High | Dec 21, 2025
    risk 0.46 | cvss 8.1 | epss 0.00

    The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_file_to_upload' function in all versions up to, and including, 3.2.7. This makes it possible for unauthenticated attackers to copy…

  • CVE-2025-13516 | High | Dec 2, 2025
    risk 0.46 | cvss 8.1 | epss 0.01

    The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and including 1.9.0. This is due to the plugin's save_file() function in inc/emails/handler/uploads.php which duplicates all email…

  • CVE-2025-54460 | High | Aug 21, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload and persist files that could potentially be executed.

  • CVE-2025-7443 | High | Aug 1, 2025
    risk 0.46 | cvss 8.1 | epss 0.01

    The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the store_javascript_cache.php file in all versions up…

  • CVE-2025-54082 | High | Jul 21, 2025
    risk 0.46 | cvss not listed | epss 0.01

    marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0, a vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package that allows unauthenticated users to upload arbitrary files to any Laravel disk…

  • CVE-2025-4336 | High | May 24, 2025
    risk 0.46 | cvss 8.1 | epss 0.01

    The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload…

  • CVE-2024-8060 | High | Mar 20, 2025
    risk 0.46 | cvss 8.1 | epss 0.01

    OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint `/audio/api/v1/transcriptions` that allows for arbitrary file upload. The application performs insufficient validation on the `file.content_type` and allows user-controlled filenames, leading to a path…

  • CVE-2025-22213 | High | Mar 11, 2025
    risk 0.46 | cvss not listed | epss 0.00

    Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions.