CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,104 vulnerabilities with CWE-434
CVE-2025-11755 HIGH
WP Delicious - Recipe Plugin <1.9.0 - RCE
CVSS 8.8
CVE-2025-11499 CRITICAL
Tablesome Table - WPForms <1.1.32 - File Upload
CVSS 9.8
CVE-2025-62618 HIGH
elog < 3.1.5-20251014 - Authenticated Arbitrary HTML File Upload and Credential Theft
CVSS 8.0
CVE-2025-64095 CRITICAL
Dnnsoftware Dotnetnuke < 10.1.1 - Unrestricted File Upload
CVSS 10.0
CVE-2025-62802 MEDIUM
DNN <10.1.1 - Info Disclosure
CVSS 4.3
CVE-2025-12378 HIGH
Simple Food Ordering System 1.0 - Unrestricted File Upload via Photo Argument
CVSS 7.3
CVE-2025-12347 MEDIUM
MaxSite CMS < 109 - Unrestricted File Upload via file_path/content Parameter
CVSS 6.3
CVE-2025-12346 MEDIUM
MaxSite CMS < 109 - Unrestricted File Upload via X-Requested-FileName/X-Requested-FileUpDir Header
CVSS 6.3
CVE-2025-12344 MEDIUM
Yonyou U8 Cloud <5.1sp - Unrestricted Upload
CVSS 6.3
CVE-2025-12331 MEDIUM
Willow CMS < 1.4.0 - Unauthenticated Unrestricted File Upload via /admin/images/add
CVSS 4.7
CVE-2025-12301 HIGH
Simple Food Ordering System 1.0 - Unrestricted File Upload via Photo Argument
CVSS 7.3
CVE-2025-12291 MEDIUM
ashymuzuro Full-Ecommece-Website & Muzuro Ecommerce System <1.1.0 -...
CVSS 4.7
CVE-2025-12268 MEDIUM
LearnHouse < 2025-09-21 - Unrestricted File Upload via Course Thumbnail Handler
CVSS 6.3
CVE-2025-12223 MEDIUM
Bdtask Flight Booking Software < 3.1 - Unrestricted File Upload in Package Information Module
CVSS 6.3
CVE-2025-12222 MEDIUM
Bdtask Flight Booking Software < 3.1 - Unrestricted File Upload via Deposit Handler
CVSS 6.3
CVE-2025-12201 MEDIUM
ajayrandhawa user-management-php-mysql < 2023-03-16 - Unrestricted File Upload via Image Argument
CVSS 4.7
CVE-2025-60735 HIGH
PerfreeBlog 4.0.11 - Arbitrary File Upload via installPlugin Function
CVSS 7.6
CVE-2025-60731 HIGH
PerfreeBlog 4.0.11 - Unrestricted Upload of File with Dangerous Type via installTheme Function
CVSS 7.6
CVE-2025-11889 HIGH
AIO Forms - Craft Complex Forms Easily <1.3.15 - RCE
CVSS 7.2
CVE-2025-6440 CRITICAL
WooCommerce Designer Pro <1.9.26 - RCE
CVSS 9.8
CVE-2025-58963 CRITICAL
Medcity < 1.1.9 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2025-52758 CRITICAL
Zippy <= 1.7.0 - Unrestricted Upload of File with Dangerous Type
CVSS 9.1
CVE-2025-49060 CRITICAL
Wastia < 1.1.3 - Unrestricted Upload of File with Dangerous Type
CVSS 10.0
CVE-2025-48106 CRITICAL
CMSSuperHeroes Clanora <1.3.1 - UUTFDT
CVSS 10.0
CVE-2025-60500 HIGH
QDocs Smart School Management System 7.1 - Auth Bypass
CVSS 7.2