VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

Base | Draft | Likelihood: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

page 67 of 84

  • CVE-2025-13574 | Med | Nov 24, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A weakness has been identified in code-projects Online Bidding System 1.0. This issue affects the function categoryadd of the file /administrator/addcategory.php. This manipulation of the argument catimage causes unrestricted upload. The attack is possible to be carried out…

  • CVE-2025-13423 | Med | Nov 20, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_product.php. Executing a manipulation of the argument product_image can lead to unrestricted upload. The attack may be launched…

  • CVE-2025-13411 | Med | Nov 19, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_football.php. Performing a manipulation of the argument product_image results in unrestricted upload. The attack is…

  • CVE-2025-13275 | Med | Nov 17, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A security vulnerability has been detected in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This affects an unknown part of the file /admin/about.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely.…

  • CVE-2025-13198 | Med | Nov 15, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A vulnerability has been found in DouPHP up to 1.8 Release 20251022. This impacts an unknown function of the file upload/include/file.class.php. The manipulation of the argument File leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has…

  • CVE-2025-13185 | Med | Nov 14, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A security flaw has been discovered in Bdtask/CodeCanyon News365 up to 7.0.3. This affects an unknown function of the file /admin/dashboard/profile. The manipulation of the argument profile_image/banner_image results in unrestricted upload. The attack can be launched remotely.…

  • CVE-2025-60187 | Med | Nov 6, 2025
    risk 0.31 | cvss 4.8 | epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Using Malicious Files. This issue affects Atarim: from n/a through <= 4.2.1.

  • CVE-2025-12593 | Med | Nov 2, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. The impacted element is an unknown function of the file /admin/edit_room.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack is possible to be…

  • CVE-2025-12331 | Med | Oct 27, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A weakness has been identified in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be…

  • CVE-2025-12291 | Med | Oct 27, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A vulnerability was found in ashymuzuro Full-Ecommece-Website and Muzuro Ecommerce System up to 1.1.0. This affects an unknown part of the file /admin/index.php?add_product of the component Add Product Page. The manipulation results in unrestricted upload. The attack may be…

  • CVE-2025-12201 | Med | Oct 27, 2025
    risk 0.31 | cvss 4.7 | epss 0.01

    A vulnerability was identified in ajayrandhawa User-Management-PHP-MYSQL up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This affects an unknown part of the file /admin/edit-user.php of the component User Management Interface. Such manipulation of the argument image leads to…

  • CVE-2025-11655 | Med | Oct 13, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A security flaw has been discovered in Total.js Flow up to 673ef9144dd25d4f4fd4fdfda5af27f230198924. The impacted element is an unknown function of the component SVG File Handler. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The…

  • CVE-2025-11508 | Med | Oct 8, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A security vulnerability has been detected in code-projects Voting System 1.0. This affects an unknown function of the file /admin/voters_add.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been…

  • CVE-2025-11470 | Med | Oct 8, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A security vulnerability has been detected in SourceCodester Hotel and Lodge Management System up to 1.0. The impacted element is an unknown function of the file /manage_website.php. The manipulation of the argument website_image/back_login_image leads to unrestricted upload.…

  • CVE-2025-11136 | Med | Sep 29, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched…

  • CVE-2025-11103 | Med | Sep 28, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A security vulnerability has been detected in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be…

  • CVE-2025-10081 | Med | Sep 8, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument website_image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2025-9296 | Med | Aug 21, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A security vulnerability has been detected in Emlog Pro up to 2.5.18. This affects an unknown function of the file /admin/blogger.php?action=update_avatar. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The…

  • CVE-2025-8379 | Med | Jul 31, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A vulnerability classified as critical has been found in Campcodes Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/edit_room.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack…

  • CVE-2025-8265 | Med | Jul 28, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A vulnerability classified as critical has been found in 299Ko CMS 2.0.0. This affects an unknown part of the file /admin/filemanager/view of the component File Management. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit…