CWE-434
Unrestricted Upload of File with Dangerous Type
Abstraction: Base; Status: Draft; Likelihood: Medium
Description
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Hierarchy (View 1000)
Parents
Children: none
Related attack patterns (CAPEC)
CAPEC-1
CVEs mapped to this weakness (1,190)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-50484 | Cri | 0.65 | 10.0 | 0.02 | | Oct 29, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail Form multi-purpose-mail-form allows Upload a Web Shell to a Web Server. This issue affects Multi Purpose Mail Form: from n/a through <= 1.0.2. |
| CVE-2024-50496 | Cri | 0.65 | 10.0 | 0.01 | | Oct 28, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server. This issue affects AR For WordPress: from n/a through <= 6.6. |
| CVE-2024-50495 | Cri | 0.65 | 10.0 | 0.01 | | Oct 28, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in nunomorgadinho Plugin Propagator wp-propagator allows Upload a Web Shell to a Web Server. This issue affects Plugin Propagator: from n/a through <= 0.1. |
| CVE-2024-49610 | Cri | 0.65 | 10.0 | 0.01 | | Oct 20, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in photokiteditor photokit photokit allows Upload a Web Shell to a Web Server. This issue affects photokit: from n/a through <= 1.0. |
| CVE-2024-49330 | Cri | 0.65 | 10.0 | 0.01 | | Oct 20, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds nicebackgrounds allows Upload a Web Shell to a Web Server. This issue affects Nice Backgrounds: from n/a through <= 1.0. |
| CVE-2024-49329 | Cri | 0.65 | 10.0 | 0.01 | | Oct 20, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Upload a Web Shell to a Web Server. This issue affects WP REST API FNS: from n/a through <= 1.0.0. |
| CVE-2024-49327 | Cri | 0.65 | 10.0 | 0.01 | | Oct 20, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in bepitulaz Woostagram Connect woostagram-connect allows Upload a Web Shell to a Web Server. This issue affects Woostagram Connect: from n/a through <= 1.0.2. |
| CVE-2024-49326 | Cri | 0.65 | 10.0 | 0.01 | | Oct 20, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in Vasileios Kerasiotis Affiliator affiliator-lite allows Upload a Web Shell to a Web Server. This issue affects Affiliator: from n/a through <= 2.1.3. |
| CVE-2024-49324 | Cri | 0.65 | 10.0 | 0.01 | | Oct 20, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in sovratecdev Sovratec Case Management sovratec-case-management allows Upload a Web Shell to a Web Server. This issue affects Sovratec Case Management: from n/a through <= 1.0.0. |
| CVE-2024-49611 | Cri | 0.65 | 10.0 | 0.01 | | Oct 20, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in paxmanpwnz Product Website Showcase product-websites-showcase allows Upload a Web Shell to a Web Server. This issue affects Product Website Showcase: from n/a through <= 1.0. |
| CVE-2024-49314 | Cri | 0.65 | 10.0 | 0.01 | | Oct 17, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program jiangqie-free-mini-program allows Upload a Web Shell to a Web Server. This issue affects JiangQie Free Mini Program: from n/a through <= 2.5.2. |
| CVE-2024-49291 | Cri | 0.65 | 10.0 | 0.01 | | Oct 17, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro. This issue affects Cooked Pro: from n/a before 1.8.0. |
| CVE-2024-49242 | Cri | 0.65 | 10.0 | 0.01 | | Oct 16, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery digital-lottery allows Upload a Web Shell to a Web Server. This issue affects Digital Lottery: from n/a through <= 3.0.5. |
| CVE-2024-49216 | Cri | 0.65 | 10.0 | 0.01 | | Oct 16, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in jclay06 Feed Comments Number feed-comments-number allows Upload a Web Shell to a Web Server. This issue affects Feed Comments Number: from n/a through <= 0.2.1. |
| CVE-2024-49257 | Cri | 0.65 | 10.0 | 0.01 | | Oct 16, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting azz-anonim-posting allows Upload a Web Shell to a Web Server. This issue affects Azz Anonim Posting: from n/a through <= 0.9. |
| CVE-2024-6314 | Cri | 0.65 | 9.8 | 0.13 | | Jul 9, 2024 | The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process_image_upload' function in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This can only be exploited if the 'gd' php extension is not loaded on the server. |
| CVE-2024-6127 | Cri | 0.65 | 9.8 | 0.66 | | Jun 27, 2024 | BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payload data containing a malicious path. |
| CVE-2024-37228 | Cri | 0.65 | 10.0 | 0.01 | | Jun 24, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP InstaWP Connect instawp-connect. This issue affects InstaWP Connect: from n/a through <= 0.1.0.38. |
| CVE-2024-34990 | Cri | 0.65 | 10.0 | 0.00 | | Jun 19, 2024 | In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods `HelpdeskHelpdeskModuleFrontController::submitTicket()` and `HelpdeskHelpdeskModuleFrontController::replyTicket()` allow upload of .php files on a predictable path for connected customers. |
| CVE-2024-5853 | Cri | 0.65 | 9.9 | 0.10 | | Jun 19, 2024 | The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. |