CWE-434
Unrestricted Upload of File with Dangerous Type
Description
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-1
CVEs mapped to this weakness (1,669)
page 58 of 84

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-30968 | | Medium | 0.44 | 6.8 | 0.00 | | Mar 12, 2024 | One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross-site scripting payload on the stack. |
| CVE-2022-1565 | | High | 0.44 | 7.2 | 0.11 | | Jul 18, 2022 | The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above,… |
| CVE-2022-29623 | — | High | 0.44 | 7.8 | 0.01 | | May 16, 2022 | An arbitrary file upload vulnerability in the file upload module of Express Connect-Multiparty 2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. NOTE: the Supplier has not verified this vulnerability report. |
| CVE-2022-0409 | — | High | 0.44 | 7.8 | 0.01 | | Feb 19, 2022 | Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2. |
| CVE-2022-0263 | | High | 0.44 | 7.8 | 0.01 | | Jan 18, 2022 | Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7. |
| CVE-2026-0496 | | Medium | 0.43 | 6.6 | 0.00 | | Jan 13, 2026 | SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file (including script files) without proper file format validation. This has low impact on confidentiality, integrity and availability of the application. |
| CVE-2025-49329 | | Medium | 0.43 | 6.6 | 0.00 | | Jun 6, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Upload a Web Shell to a Web Server. This issue affects Store Locator WordPress: from n/a through <= 1.5.2. |
| CVE-2025-47550 | | Medium | 0.43 | 6.6 | 0.00 | | May 7, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio instantio allows Upload a Web Shell to a Web Server. This issue affects Instantio: from n/a through <= 3.3.16. |
| CVE-2025-39538 | | Medium | 0.43 | 6.6 | 0.00 | | Apr 16, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in Mathieu Chartier WP-Advanced-Search wp-advanced-search allows Upload a Web Shell to a Web Server. This issue affects WP-Advanced-Search: from n/a through <= 3.3.9.4. |
| CVE-2025-31577 | | Medium | 0.43 | 6.6 | 0.00 | | Mar 31, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in appointify Appointify appointify allows Upload a Web Shell to a Web Server. This issue affects Appointify: from n/a through <= 1.0.8. |
| CVE-2025-2819 | | Medium | 0.43 | 6.6 | 0.00 | | Mar 26, 2025 | There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user. |
| CVE-2025-1025 | — | High | 0.43 | 7.5 | 0.18 | | Feb 5, 2025 | Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload where an attacker can use a different extension to bypass the upload filter. |
| CVE-2024-53811 | | Medium | 0.43 | 6.6 | 0.00 | | Dec 6, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit wdesignkit allows Upload a Web Shell to a Web Server. This issue affects WDesignkit: from n/a through <= 1.0.40. |
| CVE-2024-49676 | | Medium | 0.43 | 6.6 | 0.00 | | Oct 23, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in Michael Bourne Custom Icons for Elementor custom-icons-for-elementor allows Upload a Web Shell to a Web Server. This issue affects Custom Icons for Elementor: from n/a through <= 0.3.3. |
| CVE-2022-4732 | | High | 0.43 | 7.2 | 0.38 | | Dec 27, 2022 | Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2. |
| CVE-2026-40548 | | Medium | 0.42 | — | 0.00 | | Jun 1, 2026 | SOPlanning does not verify the uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with… |
| CVE-2026-46426 | | High | 0.42 | 7.6 | 0.00 | | May 27, 2026 | Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if (isPublicUser)… |
| CVE-2026-36387 | | Medium | 0.42 | 6.5 | 0.00 | | May 7, 2026 | A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files, which leads to RCE. |
| CVE-2026-32931 | | High | 0.42 | 7.5 | 0.01 | | Apr 10, 2026 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type header to audio/mpeg. The uploaded… |
| CVE-2018-25162 | | Medium | 0.42 | 6.5 | 0.00 | | Mar 6, 2026 | 2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 parameter with action=upload, which are… |