VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

Abstraction: Base | Status: Draft | Likelihood: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

page 57 of 84
  • CVE-2023-6187 | High | Nov 18, 2023
    risk 0.46 | cvss 7.5 | epss 0.52

    The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated…

  • CVE-2023-36809 | High | Jul 5, 2023
    risk 0.46 | cvss 8.1 | epss 0.01

    Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing…

  • CVE-2023-33977 | High | Jun 6, 2023
    risk 0.46 | cvss 8.1 | epss 0.01

    Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files…

  • CVE-2023-23937 | High | Feb 3, 2023
    risk 0.46 | cvss 8.2 | epss 0.00

    Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by…

  • CVE-2021-34551 | High | Jun 16, 2021
    risk 0.46 | cvss 8.1 | epss 0.03

    PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.

  • CVE-2021-21346 | Medium | Mar 23, 2021
    risk 0.46 | cvss 6.1 | epss 0.76

    XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is…

  • CVE-2017-11756 | High | Jul 30, 2017
    risk 0.46 | cvss 7.0 | epss 0.01

    In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to…

  • CVE-2026-9053 | Medium | May 22, 2026
    risk 0.45 | cvss (not listed) | epss 0.00

    Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element.

  • CVE-2026-33435 | High | Apr 15, 2026
    risk 0.45 | cvss 8.0 | epss 0.01

    Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable…

  • CVE-2025-34336 | Medium | Nov 19, 2025
    risk 0.45 | cvss (not listed) | epss 0.01

    eGovFramework/egovframe-common-components versions up to and including 4.3.1 contain an unauthenticated file upload vulnerability via the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do image upload endpoints. These controllers accept multipart requests without…

  • CVE-2025-57176 | Medium | Sep 15, 2025
    risk 0.45 | cvss 6.5 | epss 0.00

    On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption (metadata only)…

  • CVE-2023-22726 | High | Jan 20, 2023
    risk 0.45 | cvss 8.0 | epss 0.01

    act is a project which allows for local running of GitHub Actions. The artifact server that stores artifacts from GitHub Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a GitHub Action. This issue may…

  • CVE-2017-14841 | Medium | Sep 28, 2017
    risk 0.45 | cvss 6.5 | epss 0.02

    Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.

  • CVE-2024-7074 | Medium | Jun 2, 2025
    risk 0.44 | cvss 6.8 | epss 0.10

    An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server. By leveraging this…

  • CVE-2025-30173 | Medium | May 22, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    File upload vulnerabilities are present in ASPECT if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

  • CVE-2025-30169 | Medium | May 22, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    File upload and execute vulnerabilities in ASPECT allow PHP script injection if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

  • CVE-2024-56264 | Medium | Jan 2, 2025
    risk 0.44 | cvss 6.6 | epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector acf-city-selector allows Upload a Web Shell to a Web Server. This issue affects ACF City Selector: from n/a through <= 1.14.0.

  • CVE-2024-34021 | Medium | Aug 1, 2024
    risk 0.44 | cvss 6.8 | epss 0.00

    Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution.

  • CVE-2024-38519 | High | Jul 2, 2024
    risk 0.44 | cvss 7.8 | epss 0.00

    `yt-dlp` and `youtube-dl` are command-line audio/video downloaders. Prior to the fixed versions, `yt-dlp` and `youtube-dl` do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on…

  • CVE-2024-1532 | Medium | Mar 27, 2024
    risk 0.44 | cvss 6.8 | epss 0.01

    A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file.