CWE-434
Unrestricted Upload of File with Dangerous Type
Description
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-1
CVEs mapped to this weakness (1,669)
page 57 of 84| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-6187 | Hig | 0.46 | 7.5 | 0.52 | Nov 18, 2023 | The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated… | ||
| CVE-2023-36809 | Hig | 0.46 | 8.1 | 0.01 | Jul 5, 2023 | Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing… | ||
| CVE-2023-33977 | Hig | 0.46 | 8.1 | 0.01 | Jun 6, 2023 | Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files… | ||
| CVE-2023-23937 | Hig | 0.46 | 8.2 | 0.00 | Feb 3, 2023 | Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by… | ||
| CVE-2021-34551 | — | Hig | 0.46 | 8.1 | 0.03 | Jun 16, 2021 | PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. | |
| CVE-2021-21346 | Med | 0.46 | 6.1 | 0.76 | Mar 23, 2021 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is… | ||
| CVE-2017-11756 | Hig | 0.46 | 7.0 | 0.01 | Jul 30, 2017 | In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to… | ||
| CVE-2026-9053 | Med | 0.45 | — | 0.00 | May 22, 2026 | Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element. | ||
| CVE-2026-33435 | Hig | 0.45 | 8.0 | 0.01 | Apr 15, 2026 | Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable… | ||
| CVE-2025-34336 | Med | 0.45 | — | 0.01 | Nov 19, 2025 | eGovFramework/egovframe-common-components versions up to and including 4.3.1 contain an unauthenticated file upload vulnerability via the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do image upload endpoints. These controllers accept multipart requests without… | ||
| CVE-2025-57176 | Med | 0.45 | 6.5 | 0.00 | Sep 15, 2025 | On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption (metadata only)… | ||
| CVE-2023-22726 | Hig | 0.45 | 8.0 | 0.01 | Jan 20, 2023 | act is a project which allows for local running of github actions. The artifact server that stores artifacts from Github Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a Github Action. This issue may… | ||
| CVE-2017-14841 | Med | 0.45 | 6.5 | 0.02 | Sep 28, 2017 | Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling. | ||
| CVE-2024-7074 | — | Med | 0.44 | 6.8 | 0.10 | Jun 2, 2025 | An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server. By leveraging this… | |
| CVE-2025-30173 | Med | 0.44 | 6.7 | 0.00 | May 22, 2025 | File upload vulnerabilities are present in ASPECT if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | ||
| CVE-2025-30169 | Med | 0.44 | 6.7 | 0.00 | May 22, 2025 | File upload and execute vulnerabilities in ASPECT allow PHP script injection if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | ||
| CVE-2024-56264 | Med | 0.44 | 6.6 | 0.01 | Jan 2, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector acf-city-selector allows Upload a Web Shell to a Web Server.This issue affects ACF City Selector: from n/a through <= 1.14.0. | ||
| CVE-2024-34021 | — | Med | 0.44 | 6.8 | 0.00 | Aug 1, 2024 | Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution. | |
| CVE-2024-38519 | Hig | 0.44 | 7.8 | 0.00 | Jul 2, 2024 | `yt-dlp` and `youtube-dl` are command-line audio/video downloaders. Prior to the fixed versions, `yt-dlp` and `youtube-dl` do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on… | ||
| CVE-2024-1532 | Med | 0.44 | 6.8 | 0.01 | Mar 27, 2024 | A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file. |
- risk 0.46cvss 7.5epss 0.52
The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated…
- risk 0.46cvss 8.1epss 0.01
Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing…
- risk 0.46cvss 8.1epss 0.01
Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files…
- risk 0.46cvss 8.2epss 0.00
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by…
- risk 0.46cvss 8.1epss 0.03
PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.
- risk 0.46cvss 6.1epss 0.76
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is…
- risk 0.46cvss 7.0epss 0.01
In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to…
- risk 0.45cvss —epss 0.00
Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element.
- risk 0.45cvss 8.0epss 0.01
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable…
- risk 0.45cvss —epss 0.01
eGovFramework/egovframe-common-components versions up to and including 4.3.1 contain an unauthenticated file upload vulnerability via the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do image upload endpoints. These controllers accept multipart requests without…
- risk 0.45cvss 6.5epss 0.00
On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption (metadata only)…
- risk 0.45cvss 8.0epss 0.01
act is a project which allows for local running of github actions. The artifact server that stores artifacts from Github Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a Github Action. This issue may…
- risk 0.45cvss 6.5epss 0.02
Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.
- risk 0.44cvss 6.8epss 0.10
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server. By leveraging this…
- risk 0.44cvss 6.7epss 0.00
File upload vulnerabilities are present in ASPECT if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
- risk 0.44cvss 6.7epss 0.00
File upload and execute vulnerabilities in ASPECT allow PHP script injection if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
- risk 0.44cvss 6.6epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector acf-city-selector allows Upload a Web Shell to a Web Server.This issue affects ACF City Selector: from n/a through <= 1.14.0.
- risk 0.44cvss 6.8epss 0.00
Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution.
- risk 0.44cvss 7.8epss 0.00
`yt-dlp` and `youtube-dl` are command-line audio/video downloaders. Prior to the fixed versions, `yt-dlp` and `youtube-dl` do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on…
- risk 0.44cvss 6.8epss 0.01
A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file.