Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,098)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-57450 11000mz 1Chestnutcms May 13, 2025 Feb 3, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function.
CVE-2025-24505 - - Feb 5, 2025 Jan 30, 2025 8.8 HIGH· v4 N/A· v3 N/A· v2 This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file.
CVE-2024-55417 1Thecontrolgroup 1Voyager May 23, 2025 Jan 30, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrar...Show more DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server.Show less
CVE-2025-23213 1Tandoor 1Recipes May 8, 2025 Jan 28, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain malicious content (X...Show more Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain malicious content (XSS Payloads). This vulnerability is fixed in 1.5.28.Show less
CVE-2024-13448 1Themerex 1Addons Jan 30, 2025 Jan 28, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including, 2.32.3. This makes...Show more The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.Show less
CVE-2025-0722 1Needyamin 1Image Gallery Management System Feb 25, 2025 Jan 27, 2025 5.1 MEDIUM· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability classified as critical was found in needyamin image_gallery 1.0. This vulnerability affects unknown code of the file /admin/gallery.php of the component Cover Image Handler. The manipulation of the argume...Show more A vulnerability classified as critical was found in needyamin image_gallery 1.0. This vulnerability affects unknown code of the file /admin/gallery.php of the component Cover Image Handler. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-0357 1Iqonic 1Wpbookit Jun 27, 2025 Jan 25, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. Th...Show more The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.Show less
CVE-2025-24650 1Themefic 1Tourfic Apr 23, 2026 Jan 24, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic tourfic allows Upload a Web Shell to a Web Server.This issue affects Tourfic: from n/a through <= 2.15.3.
CVE-2025-0702 1Joeybling 1Bootplus Oct 10, 2025 Jan 24, 2025 5.3 MEDIUM· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/controller/SysFileControl...Show more A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument portraitFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.Show less
CVE-2024-40693 1Ibm 1Planning Analytics Mar 5, 2025 Jan 24, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious execut...Show more IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.Show less
CVE-2024-25034 1Ibm 1Planning Analytics Mar 5, 2025 Jan 24, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable f...Show more IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks.Show less
CVE-2024-55926 1Xerox 1Workplace Suite Feb 28, 2026 Jan 23, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthor...Show more A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to dataShow less
CVE-2025-23953 - - Apr 23, 2026 Jan 22, 2025 N/A· v4 10.0 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Scriptonite user files user-files allows Upload a Web Shell to a Web Server.This issue affects user files: from n/a through <= 2.4.2.
CVE-2025-23942 - - Apr 23, 2026 Jan 22, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery allows Upload a Web Shell to a Web Server.This issue affects WP Load Gallery: from n/a through <= 2.1.6.
CVE-2025-23921 - - Apr 23, 2026 Jan 22, 2025 N/A· v4 9.0 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity Forms gf-multi-uploader allows Upload a Web Shell to a Web Server.This issue affects Multi Uploader for Gravity Forms: fr...Show more Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity Forms gf-multi-uploader allows Upload a Web Shell to a Web Server.This issue affects Multi Uploader for Gravity Forms: from n/a through <= 1.1.3.Show less
CVE-2025-23918 - - Apr 23, 2026 Jan 22, 2025 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Enrico Sandoli Smallerik File Browser smallerik-file-browser allows Upload a Web Shell to a Web Server.This issue affects Smallerik File Browser: from n/a...Show more Unrestricted Upload of File with Dangerous Type vulnerability in Enrico Sandoli Smallerik File Browser smallerik-file-browser allows Upload a Web Shell to a Web Server.This issue affects Smallerik File Browser: from n/a through <= 1.1.Show less
CVE-2024-13091 1Wpbot 1Wpot Jan 24, 2025 Jan 22, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and including, 13.5.4. This...Show more The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The exploit requires thee ChatBot Conversational Forms plugin and the Conversational Form Builder Pro addon plugin.Show less
CVE-2025-22723 - - Apr 23, 2026 Jan 21, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Up...Show more Unrestricted Upload of File with Dangerous Type vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Upload a Web Shell to a Web Server.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.6.7.Show less
CVE-2024-51919 - - Apr 23, 2026 Jan 21, 2025 N/A· v4 9.0 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3.
CVE-2025-0582 1Angeljudesuarez 1Tailoring Management System Feb 7, 2025 Jan 20, 2025 5.1 MEDIUM· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability classified as critical was found in itsourcecode Farm Management System up to 1.0. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigphoto leads to unre...Show more A vulnerability classified as critical was found in itsourcecode Farm Management System up to 1.0. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigphoto leads to unrestricted upload. The attack can be initiated remotely.Show less

Previous 1...616263...205 Next