CWE-434
Unrestricted Upload of File with Dangerous Type
BaseDraftLikelihood: Medium
Description
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-1
CVEs mapped to this weakness (1,190)
page 58 of 60| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-9296 | Med | 0.31 | 4.7 | 0.00 | Aug 21, 2025 | A security vulnerability has been detected in Emlog Pro up to 2.5.18. This affects an unknown function of the file /admin/blogger.php?action=update_avatar. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2025-8379 | Med | 0.31 | 4.7 | 0.00 | Jul 31, 2025 | A vulnerability classified as critical has been found in Campcodes Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/edit_room.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-8265 | Med | 0.31 | 4.7 | 0.00 | Jul 28, 2025 | A vulnerability classified as critical has been found in 299Ko CMS 2.0.0. This affects an unknown part of the file /admin/filemanager/view of the component File Management. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2025-7898 | Med | 0.31 | 4.7 | 0.00 | Jul 20, 2025 | A vulnerability was found in Codecanyon iDentSoft 2.0. It has been classified as critical. This affects an unknown part of the file /clinica/profile/updateSetting of the component Account Setting Page. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-7477 | Med | 0.31 | 4.7 | 0.00 | Jul 12, 2025 | A vulnerability, which was classified as critical, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_cars.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-6873 | Med | 0.31 | 4.7 | 0.00 | Jun 29, 2025 | A vulnerability, which was classified as critical, has been found in SourceCodester Simple Company Website 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-6872 | Med | 0.31 | 4.7 | 0.00 | Jun 29, 2025 | A vulnerability classified as critical was found in SourceCodester Simple Company Website 1.0. This vulnerability affects unknown code of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-6870 | Med | 0.31 | 4.7 | 0.00 | Jun 29, 2025 | A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Content.php?f=service. The manipulation of the argument img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-4006 | Med | 0.31 | 4.7 | 0.00 | Apr 28, 2025 | A vulnerability classified as critical has been found in youyiio BeyongCms 1.6.0. Affected is an unknown function of the file /admin/theme/Upload.html of the component Document Management Page. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-0057 | Med | 0.31 | 4.8 | 0.00 | Jan 14, 2025 | SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of victim's web browser. | |
| CVE-2024-9278 | Med | 0.31 | 4.7 | 0.00 | Sep 27, 2024 | A vulnerability, which was classified as critical, has been found in HuankeMao SCRM up to 0.0.3. Affected by this issue is the function upload_domain_verification_file of the file WxkConfig.php of the component Administrator Backend. The manipulation of the argument domain_verification_file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-6647 | Med | 0.31 | 4.7 | 0.00 | Jul 10, 2024 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Croogo up to 4.0.7. This affects an unknown part of the file admin/settings/settings/prefix/Theme of the component Setting Handler. The manipulation of the argument Content-Type leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271053 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |
| CVE-2024-3521 | Med | 0.31 | 4.7 | 0.00 | Apr 9, 2024 | A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2024-3444 | Med | 0.31 | 4.7 | 0.00 | Apr 8, 2024 | A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It has been classified as critical. This affects an unknown part of the file /?g=net_pro_keyword_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259701 was assigned to this vulnerability. | |
| CVE-2023-5966 | Med | 0.31 | 4.7 | 0.00 | Nov 30, 2023 | An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution. | |
| CVE-2023-5965 | Med | 0.31 | 4.7 | 0.00 | Nov 30, 2023 | An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution. | |
| CVE-2026-3219 | Med | 0.30 | — | 0.00 | Apr 20, 2026 | pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both. | |
| CVE-2025-14632 | Med | 0.29 | 4.4 | 0.00 | Jan 17, 2026 | The Filr – Secure document library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unrestricted file upload in all versions up to, and including, 1.2.11 due to insufficient file type restrictions in the FILR_Uploader class. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload malicious HTML files containing JavaScript that will execute whenever a user accesses the uploaded file, granted they have permission to create or edit posts with the 'filr' post type. | |
| CVE-2024-11404 | Med | 0.29 | 5.5 | 0.00 | Nov 20, 2024 | Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS.This issue affects django Filer: from 3 before 3.3. | |
| CVE-2017-12332 | Med | 0.29 | 4.4 | 0.00 | Nov 30, 2017 | A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16513, CSCvf23794, CSCvf23832. |