CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
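The recurring pattern in the entries below is an upload handler that trusts the client-supplied filename (or only its trailing extension) and never checks the bytes, which is what the "double extension bypass", "ZIP/PHP file" and "SVG/HTML" cases exploit. The following is an added example, not code from this page or from any of the listed products: a naive extension check beside a hardened validator for an image-upload endpoint. The allowlist, the blocked-extension set and the sample payloads are constructed for the example; a real deployment would also store files outside the web root and serve them with a fixed Content-Type.

```python
import re
import secrets

# Constructed allowlist for an image endpoint: final extension -> accepted magic bytes.
# Assumed policy for this example, not any product's configuration.
ALLOWED_IMAGE_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Extensions that must not appear anywhere in the name, not only at the end.
# Apache with a mod_mime AddHandler directive maps "shell.php.jpg" to PHP
# (the double-extension bypass), and an uploaded .htaccess can add such a mapping.
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "php8", "phtml", "phar", "phps",
    "asp", "aspx", "jsp", "jspx", "cgi", "pl", "py", "sh", "htaccess",
}

# Defense in depth against image/PHP polyglots ("GIF89a<?php ...").
PHP_OPEN_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def naive_is_allowed(filename: str) -> bool:
    """The vulnerable check: trusts the trailing extension and never reads the bytes."""
    return filename.lower().endswith((".jpg", ".jpeg", ".png", ".gif"))


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Hardened check. Returns (accepted, reason)."""
    # Path separators and NUL bytes let the name escape the upload directory or
    # truncate the extension in C-based backends; reject them outright.
    if not filename or "\x00" in filename or "/" in filename or "\\" in filename:
        return False, "path separator or NUL in filename"
    parts = filename.lower().split(".")
    # No extension, or a dotfile such as ".htaccess".
    if len(parts) < 2 or not parts[0]:
        return False, "missing extension or dotfile"
    ext = parts[-1]
    if ext not in ALLOWED_IMAGE_TYPES:
        return False, f"extension .{ext} not in allowlist"
    # Every inner extension is checked, which closes the double-extension bypass.
    blocked = EXECUTABLE_EXTENSIONS.intersection(parts[:-1])
    if blocked:
        return False, f"executable extension in name: {sorted(blocked)}"
    # The content must match the claimed type; a PHP script named .jpg fails here.
    if not data.startswith(ALLOWED_IMAGE_TYPES[ext]):
        return False, f"content does not match .{ext} signature"
    if PHP_OPEN_TAG.search(data):
        return False, "image/PHP polyglot"
    return True, "ok"


def storage_name(ext: str) -> str:
    """Never write the client-supplied name to disk: random name, server-chosen extension."""
    if ext not in ALLOWED_IMAGE_TYPES:
        raise ValueError("extension must come from the allowlist")
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed sample uploads: (name, leading bytes).
    samples = [
        ("avatar.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
        ("shell.php.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
        ("shell.jpg", b"<?php system($_GET['c']); ?>"),
        ("logo.gif", b"GIF89a<?php echo 1; ?>"),
        ("../.htaccess", b"AddType application/x-httpd-php .jpg"),
        ("chart.svg", b"<svg onload=alert(1)/>"),
    ]
    for name, data in samples:
        print(f"{name:16} naive={naive_is_allowed(name)!s:5} hardened={validate_upload(name, data)}")
```

The naive check accepts "shell.php.jpg" and a PHP script named "shell.jpg"; the hardened one rejects both, and SVG is simply absent from the allowlist because it is active content when served inline.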

4,103 vulnerabilities with CWE-434
CVE-2025-56704 HIGH
LeptonCMS 7.3.0 - Authenticated Arbitrary File Upload via ZIP/PHP File
CVSS 8.8
CVE-2025-14219 MEDIUM
Campcodes Retro Basketball Shoes Online Store 1.0 - Unrestricted File Upload via product_image Argument
CVSS 4.7
CVE-2025-14199 MEDIUM
Verysync <2.21.3 - Unrestricted Upload
CVSS 6.3
CVE-2025-14195 MEDIUM
Employee Profile Management System 1.0 - Unrestricted File Upload via per_file Argument
CVSS 6.3
CVE-2025-13065 HIGH
Starter Templates <= 4.4.41 - Authenticated Arbitrary File Upload via Double Extension Bypass
CVSS 8.8
CVE-2025-12966 HIGH
All-in-One Video Gallery <4.5.7 - RCE
CVSS 8.8
CVE-2025-12673 CRITICAL
Flex QR Code Generator <1.2.6 - RCE
CVSS 9.8
CVE-2025-65897 HIGH
zdh_web <5.6.17 - Privilege Escalation/Remote Code Execution
CVSS 8.8
CVE-2025-12181 HIGH
ContentStudio plugin <1.3.7 - File Upload
CVSS 8.8
CVE-2025-12154 HIGH
Auto Thumbnailer <= 1.0 - Authenticated Arbitrary File Upload via uploadThumb() Function
CVSS 8.8
CVE-2025-12153 HIGH
WordPress Featured Image via URL <0.1 - RCE
CVSS 8.8
CVE-2025-13066 HIGH
Demo Importer Plus <= 2.0.6 - Authenticated Arbitrary File Upload via Double Extension Bypass
CVSS 8.8
CVE-2025-13543 HIGH
PostGallery plugin <1.12.5 - File Upload
CVSS 8.8
CVE-2025-65806 MEDIUM
E-POINT CMS eagle.gsam-1169.1 - RCE
CVSS 4.3
CVE-2025-65027 HIGH
romm < 4.4.1 - Authenticated Unrestricted File Upload and Stored Cross-Site Scripting via SVG/HTML Files
CVSS 7.6
CVE-2025-13949 MEDIUM
ProudMuBai GoFilm <1.0.1 - Unrestricted Upload
CVSS 6.3
CVE-2025-13646 HIGH
Modula Image Gallery 2.13.1-2.13.2 - Authenticated Arbitrary File Upload via ajax_unzip_file Function
CVSS 7.5
CVE-2025-65844 HIGH
EverShop 2.0.1 - Unauthenticated Arbitrary File Upload via /api/images Endpoint
CVSS 7.5
CVE-2025-13827 HIGH
Mautic grapes-js-builder-bundle 4.0.0-4.4.17 - Unrestricted File Upload via GrapesJS Builder
CVE-2025-13516 HIGH
SureMail SMTP & Email Logs Plugin <1.9.0 - Unrestricted Upload
CVSS 8.1
CVE-2025-13815 MEDIUM
mogublog < 5.2 - Unrestricted File Upload via /file/pictures filedatas Parameter
CVSS 6.3
CVE-2025-51736 MEDIUM
HCL Unica 12.0.0 - Unrestricted Upload of File with Dangerous Type
CVSS 6.3
CVE-2025-13536 HIGH
Blubrry PowerPress <11.15.2 - Code Injection
CVSS 8.8
CVE-2025-66256 CRITICAL
DB Electronica Telecomunicazioni Mozart FM Transmitter - Unauthenticated Arbitrary File Upload via patch_contents.php
CVSS 9.8
CVE-2025-66255 CRITICAL
DB Electronica Telecomunicazioni Mozart FM Transmitter - Unauthenticated Arbitrary File Upload via upgrade_contents.php
CVSS 9.8