CWE-434

Medium likelihood

Unrestricted Upload of File with Dangerous Type

Parent: CWE-669 - Incorrect Resource Transfer Between Spheres

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

4,119 vulnerabilities with CWE-434
CVE-2025-5299 HIGH
Client Database Management System 1.0 - Unrestricted File Upload via uploaded_file_cancelled Parameter
CVSS 7.3
CVE-2025-4800 HIGH
MasterStudy LMS Pro <4.7.0 - File Upload
CVSS 8.8
CVE-2025-5178 MEDIUM
Realce Tecnologia Queue Ticket Kiosk < 2025-05-17 - Unrestricted File Upload via Image File Handler
CVSS 6.3
CVE-2025-5171 MEDIUM
llisoft MTA Maita Training System 4.5 - Unrestricted File Upload via OpenController File Download Function
CVSS 6.3
CVE-2025-5162 MEDIUM
H3C SecCenter SMP-E1114P02 < 20250513 - Unrestricted File Upload via logGeneralFile Parameter
CVSS 6.3
CVE-2025-5131 MEDIUM
Tmall Demo < 2025-05-05 - Unrestricted File Upload via uploadCategoryImage Function
CVSS 4.7
CVE-2025-5130 MEDIUM
tmall_demo < 2025-05-05 - Unrestricted File Upload via uploadProductImage Function
CVSS 4.7
CVE-2025-5058 CRITICAL
eMagicOne Store Manager <1.2.5 - RCE
CVSS 9.8
CVE-2025-4336 HIGH
eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_file() Function
CVSS 8.1
CVE-2025-5108 MEDIUM
ShopXO 6.5.0 - Unrestricted File Upload via Payment Controller ZIP Handler
CVSS 6.3
CVE-2025-47687 CRITICAL
StoreKeeper <14.4.4 - Code Injection
CVSS 10.0
CVE-2025-47663 CRITICAL
Mojoomla Hospital Management System <11 - RCE
CVSS 9.9
CVE-2025-47658 CRITICAL
Elula Wsdesk < 3.3.0 - Unrestricted File Upload
CVSS 9.9
CVE-2025-47642 CRITICAL
Ajar in5 Embed <= 3.1.5 - Arbitrary File Upload
CVSS 10.0
CVE-2025-47641 CRITICAL
Printcart Web to Print Product Designer for WooCommerce <2.3.8 - Co...
CVSS 10.0
CVE-2025-47637 CRITICAL
STAGGS <= 2.11.0 - Unauthenticated Arbitrary File Upload
CVSS 10.0
CVE-2025-46490 CRITICAL
Crossword Compiler Puzzles <5.2 - RCE
CVSS 9.9
CVE-2025-31916 CRITICAL
joy2012bd JP Students Result Management System Premium <1.1.7 - RCE
CVSS 9.0
CVE-2025-30173 MEDIUM
ABB ASPECT-Enterprise NEXUS/MATRIX Series <=3.08.03 - Authenticated Arbitrary File Upload
CVSS 6.7
CVE-2025-30169 MEDIUM
ABB ASPECT-Enterprise NEXUS and MATRIX Series <= 3.08.03 - Authenticated PHP Script Upload and Execution
CVSS 6.7
CVE-2025-3444 MEDIUM
ManageEngine ServiceDesk Plus MSP and SupportCenter Plus < 14920 - Authenticated Local File Inclusion in Admin Help Card
CVSS 6.5
CVE-2025-5059 MEDIUM
Campcodes Online Shopping Portal 1.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-47939 MEDIUM
TYPO3 9.0.0-9.5.50 - Unrestricted Upload of File with Dangerous Type in File Management Module
CVSS 5.4
CVE-2025-39402 CRITICAL
mojoomla WPAMS <= 44.0 (17-08-2023) - Arbitrary File Upload
CVSS 9.9
CVE-2025-39401 CRITICAL
Mojoomla WPAMS <44.0 - Code Injection
CVSS 10.0