CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,103 vulnerabilities with CWE-434
CVE-2025-15415 MEDIUM
wangmarket < 6.4 - Unrestricted File Upload via XML File Handler
CVSS 4.7
CVE-2025-15404 MEDIUM
campcodes School File Management System 1.0 - Unrestricted File Upload via File Parameter in save_file.php
CVSS 6.3
CVE-2025-67707 MEDIUM
ArcGIS Server < 11.5 - Unauthenticated Arbitrary File Upload
CVSS 5.6
CVE-2025-67706 MEDIUM
ArcGIS Server < 11.5 - Unauthenticated Arbitrary File Upload
CVSS 5.6
CVE-2025-15360 MEDIUM
newbee-mall-plus 2.0.0 - Unrestricted File Upload via Product Information Edit Page
CVSS 4.7
CVE-2025-15262 MEDIUM
BiggiDroid Simple PHP CMS 1.0 - Unrestricted File Upload via Site Logo Handler
CVSS 4.7
CVE-2025-68562 CRITICAL
MapSVG < 8.7.3 - Arbitrary File Upload via Web Shell
CVSS 9.9
CVE-2025-15199 MEDIUM
College Notes Uploading System 1.0 - Unrestricted File Upload via User Profile Image Parameter
CVSS 6.3
CVE-2025-55061 HIGH
Priority Web <= 23.0 - Unrestricted File Upload
CVSS 8.8
CVE-2025-15197 MEDIUM
News-Buzz 1.0 - Unrestricted File Upload via Image Argument in Edit Posts
CVSS 4.7
CVE-2025-57460 CRITICAL
machpanel 8.0.32 - Unrestricted File Upload Leading to Webshell
CVSS 9.8
CVE-2025-15228 CRITICAL
welltend bpmflowwebkit < 5.0.5 - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2025-15226 CRITICAL
Sun.net WMPro 5.0-<5.2 - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2025-52691 CRITICAL KEV
SmarterMail < 100.0.9413 - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVSS 10.0
CVE-2025-15067 HIGH
Innorix WP - Unrestricted File Upload
CVSS 7.7
CVE-2025-15152 MEDIUM
h-moses moga-mall <392d631a5ef15962a9bddeeb9f1269b9085473fa - Unres...
CVSS 6.3
CVE-2025-15110 MEDIUM
jackq XCMS - Unrestricted File Upload in ProductImageController
CVSS 4.7
CVE-2025-15109 HIGH
jackq XCMS - Unrestricted File Upload
CVSS 7.3
CVE-2025-2155 HIGH
Echo Call Center Services Trade and Industry Inc. Specto CM <170320...
CVSS 8.8
CVE-2025-15050 MEDIUM
Student File Management System 1.0 - Unrestricted File Upload via File Parameter in /save_file.php
CVSS 6.3
CVE-2025-51511 CRITICAL
Cadmium CMS 0.4.9 - Unauthenticated Arbitrary File Upload via File Manager
CVSS 9.8
CVE-2025-67288 CRITICAL
Umbraco CMS 16.3.3 - Arbitrary File Upload via Crafted PDF File
CVSS 10.0
CVE-2025-67289 CRITICAL
Frappe Framework 15.89.0 - Arbitrary File Upload and Remote Code Execution via Attachments Module
CVSS 9.6
CVE-2025-15009 MEDIUM
ChestnutCMS < 1.5.8 - Unrestricted File Upload via Filename Handler
CVSS 6.3
CVE-2025-14800 HIGH
Redirection for Contact Form 7 <3.2.7 - File Upload
CVSS 8.1