CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2025-34104 CRITICAL
Piwik (now Matomo) < 3.0.3 - Authenticated Remote Code Execution via Plugin Upload
CVE-2025-7340 CRITICAL
HT Contact Form Widget <= 2.2.1 - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2025-53891 MEDIUM
Time-Line- < 1.0.5 - Unrestricted Upload of File with Dangerous Type
CVSS 4.3
CVE-2025-7627 MEDIUM
kkFileViewOfficeEdit < 2019-03-19 - Unrestricted File Upload via File Parameter in fileUpload Function
CVSS 6.3
CVE-2025-7547 HIGH
Campcodes Online Movie Theater Seat Reservation System - Improper Access Control
CVSS 7.3
CVE-2025-7538 HIGH
Campcodes Sales and Inventory System 1.0 - Unrestricted Upload
CVSS 7.3
CVE-2025-7487 MEDIUM
JoeyBling SpringBoot_MyBatisPlus <a6a825513bd688f717dbae3a196bc9c96...
CVSS 6.3
CVE-2025-7477 MEDIUM
Simple Car Rental System 1.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-7470 HIGH
Campcodes Sales & Inventory System 1.0 - Unrestricted Upload
CVSS 7.3
CVE-2025-6423 HIGH
BeeTeam368 Extensions <2.3.5 - File Upload
CVSS 8.8
CVE-2025-6058 CRITICAL
WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload via image_upload_handle Function
CVSS 9.8
CVE-2025-6057 HIGH
WPBookit <= 1.0.4 - Authenticated Arbitrary File Upload via handle_image_upload()
CVSS 8.8
CVE-2025-7413 MEDIUM
code-projects Library System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-7412 MEDIUM
code-projects Library System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-34100 CRITICAL
BuilderEngine 3.5.0 - Code Injection
CVE-2025-34097 HIGH
ProcessMaker < 3.5.4 - Authenticated Remote Code Execution via Plugin Upload
CVE-2025-7210 MEDIUM
Fabian Ros Library Management System 2.0 - Unrestricted File Upload via admin/profile_update.php photo Parameter
CVSS 6.3
CVE-2025-34077 CRITICAL
WordPress Pie Register <3.7.1.4 - Auth Bypass
CVE-2025-7190 MEDIUM
Library Management System 2.0 - Unrestricted File Upload via Student Edit Photo
CVSS 6.3
CVE-2025-0928 HIGH
Juju < 2.9.52 and < 3.6.8 - Authenticated Arbitrary Agent Binary Upload
CVSS 8.8
CVE-2025-7181 MEDIUM
Staff Audit System 1.0 - Unrestricted File Upload via /test.php uploadedfile Parameter
CVSS 6.3
CVE-2025-7175 MEDIUM
E-Commerce Site 1.0 - Unrestricted File Upload via /admin/users_photo.php Photo Parameter
CVSS 6.3
CVE-2025-27127 MEDIUM
TIA Project-Server <V2.1.1, TIA Portal <V19.4, TIA Portal <V20.3 - ...
CVSS 4.3
CVE-2025-7152 MEDIUM
Campcodes Advanced Online Voting System 1.0 - Unrestricted File Upload via Photo Argument
CVSS 6.3
CVE-2025-7151 MEDIUM
Campcodes Advanced Online Voting System 1.0 - Unrestricted File Upload in Voters Add Photo
CVSS 6.3