VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

BaseDraftLikelihood: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

page 8 of 84
  • CVE-2025-32660CriApr 17, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager js-jobs allows Upload a Web Shell to a Web Server.This issue affects JS Job Manager: from n/a through <= 2.0.2.

  • CVE-2025-26927CriApr 15, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows Upload a Web Shell to a Web Server.This issue affects AI Hub: from n/a through <= 1.3.7.

  • CVE-2025-26776CriFeb 22, 2025
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3.

  • CVE-2025-23953CriJan 22, 2025
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Scriptonite user files user-files allows Upload a Web Shell to a Web Server.This issue affects user files: from n/a through <= 2.4.2.

  • CVE-2025-22504CriJan 9, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms 4ecps-webforms allows Upload a Web Shell to a Web Server.This issue affects 4ECPS Web Forms: from n/a through <= 0.2.18.

  • CVE-2022-41573CriJan 7, 2025
    risk 0.65cvss 9.8epss 0.01

    An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. It will then be accessible at an images/common/ URI for remote…

  • CVE-2024-43243CriJan 7, 2025
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in themeglow JobBoard Job listing job-board-light allows Upload a Web Shell to a Web Server.This issue affects JobBoard Job listing: from n/a through <= 1.2.6.

  • CVE-2024-56829CriJan 2, 2025
    risk 0.65cvss 10.0epss 0.01

    Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx.

  • CVE-2024-56046CriDec 31, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through <= 1.9.9.

  • CVE-2024-53822CriDec 9, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium.This issue affects Pie Register Premium: from n/a before 3.8.3.3.

  • CVE-2024-54214CriDec 6, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in roninwp Revy revy allows Upload a Web Shell to a Web Server.This issue affects Revy: from n/a through <= 1.18.

  • CVE-2024-52476CriDec 2, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Stefan Bohacek Fediverse Embeds fediverse-embeds allows Upload a Web Shell to a Web Server.This issue affects Fediverse Embeds: from n/a through <= 1.5.3.

  • CVE-2024-52490CriNov 28, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web Server.This issue affects Pathomation: from n/a through <= 2.5.1.

  • CVE-2024-8525CriNov 21, 2024
    risk 0.65cvss epss 0.01

    An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file.

  • CVE-2024-52379CriNov 14, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in faizalbahasan kineticPay for WooCommerce kineticpay-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects kineticPay for WooCommerce: from n/a through <= 2.0.8.

  • CVE-2024-52377CriNov 14, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in bdthemes Instant Image Generator ai-image allows Upload a Web Shell to a Web Server.This issue affects Instant Image Generator: from n/a through <= 1.5.2.

  • CVE-2024-52376CriNov 14, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress boat-rental-system allows Upload a Web Shell to a Web Server.This issue affects Boat Rental Plugin for WordPress: from n/a through <= 1.0.1.

  • CVE-2024-52374CriNov 14, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task do-that-task allows Upload a Web Shell to a Web Server.This issue affects Do That Task: from n/a through <= 1.5.5.

  • CVE-2024-52373CriNov 14, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Team Devexhub Devexhub Gallery devexhub-gallery allows Upload a Web Shell to a Web Server.This issue affects Devexhub Gallery: from n/a through <= 2.0.1.

  • CVE-2024-52372CriNov 14, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA easy-csv-importer allows Upload a Web Shell to a Web Server.This issue affects Easy CSV Importer BETA: from n/a through <= 7.0.0.