CWE-434
Unrestricted Upload of File with Dangerous Type
Medium likelihood
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
4,119 vulnerabilities with CWE-434
CVE-2025-0399
MEDIUM
StarSea99 starsea-mall 1.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-22152
CRITICAL
Atheos < 600 - Path Traversal and Arbitrary File Write via $path and $target Parameters
CVSS 9.1
CVE-2025-22504
CRITICAL
jumpdemand 4ECPS Web Forms <0.2.18 - RCE
CVSS 10.0
CVE-2025-0346
MEDIUM
code-projects CMS 1.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-0341
MEDIUM
CampCodes Computer Laboratory Management System 1.0 - Unrestricted File Upload via e_photo Parameter
CVSS 6.3
CVE-2025-0335
MEDIUM
code-projects Online Bike Rental System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-22137
CRITICAL
Pingvin Share <1.4.0 - Code Injection
CVSS 9.8
CVE-2025-22133
CRITICAL
WeGIA < 3.2.8 - Unrestricted Upload of File with Dangerous Type via controla_xlsx.php Endpoint
CVSS 9.9
CVE-2025-22132
HIGH
WeGIA < 3.2.7 - Stored Cross-Site Scripting via XLSX File Upload
CVSS 8.3
CVE-2025-21624
CRITICAL
ClipBucket 5.3-5.5.1-239 - Unrestricted PHP File Upload via Playlist Cover Image
CVSS 9.8
CVE-2025-0213
MEDIUM
Campcodes Project Management System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-22389
HIGH
Optimizely EPiServer.CMS.Core < 12.32.0 - Unrestricted Upload of Dangerous File Types
CVSS 8.0
CVE-2024-52488
CRITICAL
WordPress Grip theme <= 1.0.9 - Arbitrary Plugin Activation/Deactivation to RCE vulnerability
CVSS 9.9
CVE-2024-58349
CRITICAL
WordPress Theme Travelscape 1.0.3 Arbitrary File Upload
CVSS 9.8
CVE-2024-58348
CRITICAL
WordPress Background Image Cropper 1.2 Remote Code Execution
CVSS 9.8
CVE-2024-50620
HIGH
CIPPlanner CIPAce <9.17 - Unrestricted Upload of File with Dangerou...
CVSS 8.8
CVE-2024-27480
CRITICAL
givanz VvvebJs <1.7.2 - Info Disclosure
CVSS 9.8
CVE-2024-25182
CRITICAL
givanz VvvebJs <1.7.2 - File Upload
CVSS 9.8
CVE-2024-44599
HIGH
FNT Command <13.4.0 - Path Traversal
CVSS 8.3
CVE-2024-44598
HIGH
FNT Command 13.4.0 - Code Injection
CVSS 8.8
CVE-2024-58313
HIGH
xbtitFM 4.1.18 - Authenticated Arbitrary PHP File Upload via File Hosting Feature
CVSS 7.2
CVE-2024-58298
CRITICAL
Compuware iStrobe Web 20.13 - Unauthenticated Remote Code Execution via JSP File Upload
CVE-2024-58295
HIGH
ElkArte Forum 1.1.9 - Authenticated Remote Code Execution via Theme Upload
CVE-2024-58283
HIGH
WBCE CMS 1.6.2 - Authenticated Remote Code Execution via Elfinder File Upload
CVSS 8.8
CVE-2024-58282
HIGH
Serendipity 2.5.0 - Authenticated Remote Code Execution via Media Upload
CVSS 7.2
Details
Vulnerabilities: 4,119
Exploit Likelihood: Medium