CWE-434
Unrestricted Upload of File with Dangerous Type
Base / Draft / Likelihood: Medium
Description
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-1
CVEs mapped to this weakness (1,190)
Page 7 of 60

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-32291 | Cri | 0.65 | 10.0 | 0.00 | Jun 9, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Using Malicious Files. This issue affects SUMO Affiliates Pro: from n/a through < 11.1.0. |
| CVE-2025-47687 | Cri | 0.65 | 10.0 | 0.00 | May 23, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Upload a Web Shell to a Web Server. This issue affects StoreKeeper for WooCommerce: from n/a through <= 14.4.4. |
| CVE-2025-47642 | Cri | 0.65 | 10.0 | 0.00 | May 23, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server. This issue affects Ajar in5 Embed: from n/a through <= 3.1.5. |
| CVE-2025-47641 | Cri | 0.65 | 10.0 | 0.00 | May 23, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows Upload a Web Shell to a Web Server. This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through <= 2.3.9. |
| CVE-2025-47637 | Cri | 0.65 | 10.0 | 0.00 | May 23, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS staggs allows Upload a Web Shell to a Web Server. This issue affects STAGGS: from n/a through <= 2.11.0. |
| CVE-2025-39401 | Cri | 0.65 | 10.0 | 0.01 | May 19, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server. This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023). |
| CVE-2025-39380 | Cri | 0.65 | 10.0 | 0.00 | May 19, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System hospital-management allows Upload a Web Shell to a Web Server. This issue affects Hospital Management System: from n/a through <= 47.0(20-11-2023). |
| CVE-2025-32660 | Cri | 0.65 | 10.0 | 0.00 | Apr 17, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager js-jobs allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through <= 2.0.2. |
| CVE-2025-26927 | Cri | 0.65 | 10.0 | 0.00 | Apr 15, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows Upload a Web Shell to a Web Server. This issue affects AI Hub: from n/a through <= 1.3.7. |
| CVE-2025-26776 | Cri | 0.65 | 10.0 | 0.00 | Feb 22, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3. |
| CVE-2025-23953 | Cri | 0.65 | 10.0 | 0.00 | Jan 22, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in Scriptonite user files user-files allows Upload a Web Shell to a Web Server. This issue affects user files: from n/a through <= 2.4.2. |
| CVE-2025-22504 | Cri | 0.65 | 10.0 | 0.00 | Jan 9, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms 4ecps-webforms allows Upload a Web Shell to a Web Server. This issue affects 4ECPS Web Forms: from n/a through <= 0.2.18. |
| CVE-2024-43243 | Cri | 0.65 | 10.0 | 0.01 | Jan 7, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in themeglow JobBoard Job listing job-board-light allows Upload a Web Shell to a Web Server. This issue affects JobBoard Job listing: from n/a through <= 1.2.6. |
| CVE-2024-56829 | Cri | 0.65 | 10.0 | 0.00 | Jan 2, 2025 | Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx. |
| CVE-2024-56046 | Cri | 0.65 | 10.0 | 0.01 | Dec 31, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a through <= 1.9.9. |
| CVE-2024-53822 | Cri | 0.65 | 10.0 | 0.01 | Dec 9, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium. This issue affects Pie Register Premium: from n/a before 3.8.3.3. |
| CVE-2024-54214 | Cri | 0.65 | 10.0 | 0.01 | Dec 6, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in roninwp Revy revy allows Upload a Web Shell to a Web Server. This issue affects Revy: from n/a through <= 1.18. |
| CVE-2024-52476 | Cri | 0.65 | 10.0 | 0.00 | Dec 2, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in Stefan Bohacek Fediverse Embeds fediverse-embeds allows Upload a Web Shell to a Web Server. This issue affects Fediverse Embeds: from n/a through <= 1.5.3. |
| CVE-2024-52490 | Cri | 0.65 | 10.0 | 0.01 | Nov 28, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web Server. This issue affects Pathomation: from n/a through <= 2.5.1. |
| CVE-2024-8525 | Cri | 0.65 | — | 0.02 | Nov 21, 2024 | An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file. |