CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2025-9800 MEDIUM
sim < 0.3.40 - Unrestricted File Upload via HTML File Parser
CVSS 6.3
CVE-2025-9795 MEDIUM
tianti < 2.3 - Unrestricted File Upload via ajaxUploadFile Function
CVSS 6.3
CVE-2025-9775 HIGH
RemoteClinic < 2.0 - Unrestricted File Upload via /staff/edit-my-profile.php Image Parameter
CVSS 7.3
CVE-2025-9772 HIGH
RemoteClinic < 2.0 - Unrestricted File Upload via /staff/edit.php Image Parameter
CVSS 7.3
CVE-2025-31100 CRITICAL
Mojoomla School Management <1.93.1 - Unrestricted File Upload
CVSS 9.9
CVE-2025-54944 CRITICAL
SUNNET Corporate Training Management System < 10.11 - Unrestricted Upload of File with Dangerous Type
CVSS 9.8
CVE-2025-58159 CRITICAL
WeGIA < 3.4.11 - Remote Code Execution via Unrestricted PHP File Upload
CVSS 9.9
CVE-2025-58048 CRITICAL
Paymenter <1.2.11 - Privilege Escalation
CVSS 9.9
CVE-2025-31979 MEDIUM
HCL BigFix SM - File Upload Validation Bypass
CVSS 5.4
CVE-2025-49387 CRITICAL
Drag and Drop File Upload for Elementor Forms <1.5.3 - RCE
CVSS 10.0
CVE-2025-54762 CRITICAL
DOS Co., Ltd. SS1 <= 16.0.0.10 - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2025-53970 CRITICAL
DOS Co., Ltd. SS1 <= 16.0.0.10 - Unauthenticated Arbitrary File Upload and OS Command Execution
CVSS 9.8
CVE-2025-34163 CRITICAL
Dongsheng Logistics Software < pre-July 2025 - Unauthenticated Arbitrary File Upload
CVE-2025-52353 CRITICAL
Badaso CMS 2.9.11 - Authenticated Remote Code Execution via Media Manager File Upload
CVSS 9.8
CVE-2025-9476 HIGH
SourceCodester HRIS 1.0 - Unrestricted Upload
CVSS 7.3
CVE-2025-9475 HIGH
SourceCodester HRIS 1.0 - Unrestricted Upload
CVSS 7.3
CVE-2025-9415 MEDIUM
GreenCMS <2.3.0603 - Unrestricted Upload
CVSS 6.3
CVE-2025-53119 HIGH
Securden Unified PAM <=11.3.1 - Unauthenticated File Upload
CVSS 7.5
CVE-2025-9406 MEDIUM
xuhuisheng lemon <1.13.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-9400 MEDIUM
YiFang CMS <2.0.5 - Unrestricted Upload
CVSS 6.3
CVE-2025-9397 MEDIUM
givanz Vvveb <1.0.7.2 - Unrestricted Upload
CVSS 6.3
CVE-2025-36174 HIGH
IBM Integrated Analytics System 1.0.0.0-1.0.30.0 - Authenticated Unrestricted Upload of File with Dangerous Type
CVSS 8.0
CVE-2025-43766 CRITICAL
Liferay DXP 2024.Q1.1-2024.Q1.12 - Unrestricted File Upload & RCE in Style Books
CVSS 9.8
CVE-2025-55455 LOW
DooTask v1.0.51 - Authenticated Download
CVSS 3.5
CVE-2025-26498 HIGH
Tableau Server < 2023.3.19 - Unrestricted Upload of File with Dangerous Type and Absolute Path Traversal
CVSS 7.3