Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,101)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-11018 1Vice 1Webopac Nov 18, 2024 Nov 11, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server.
CVE-2024-11017 1Vice 1Webopac Nov 18, 2024 Nov 11, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server.
CVE-2024-51793 1Webfulcreations 1Computer Repair Shop Apr 23, 2026 Nov 11, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Upload a Web Shell to a Web Server.This issue affects RepairBuddy: from n/a through <= 3.8115.
CVE-2024-51792 - - Apr 23, 2026 Nov 11, 2024 N/A· v4 10.0 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Dang Ngoc Binh Audio Record audio-record allows Upload a Web Shell to a Web Server.This issue affects Audio Record: from n/a through <= 1.0.
CVE-2024-51791 - - Apr 23, 2026 Nov 11, 2024 N/A· v4 10.0 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms forms-by-made-it allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through <= 2.8.0.
CVE-2024-51790 - - Apr 23, 2026 Nov 11, 2024 N/A· v4 10.0 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in HB WEBSOL HB AUDIO GALLERY hb-audio-gallery allows Upload a Web Shell to a Web Server.This issue affects HB AUDIO GALLERY: from n/a through <= 3.0.
CVE-2024-51789 - - Apr 23, 2026 Nov 11, 2024 N/A· v4 10.0 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L Image Classify image-classify allows Upload a Web Shell to a Web Server.This issue affects Image Classify: from n/a through <= 1.0.0.
CVE-2024-51788 - - Apr 23, 2026 Nov 11, 2024 N/A· v4 10.0 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory noveldesign-store-directory allows Upload a Web Shell to a Web Server.This issue affects The Novel Design Sto...Show more Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory noveldesign-store-directory allows Upload a Web Shell to a Web Server.This issue affects The Novel Design Store Directory: from n/a through <= 4.3.0.Show less
CVE-2024-11054 1Oretnom23 1Simple Music Cloud Community System Nov 14, 2024 Nov 10, 2024 5.3 MEDIUM· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability classified as critical was found in SourceCodester Simple Music Cloud Community System 1.0. This vulnerability affects unknown code of the file /music/ajax.php?action=signup. The manipulation of the argum...Show more A vulnerability classified as critical was found in SourceCodester Simple Music Cloud Community System 1.0. This vulnerability affects unknown code of the file /music/ajax.php?action=signup. The manipulation of the argument pp leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-10801 - - Nov 12, 2024 Nov 9, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 16.5....Show more The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 16.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. User registration must be enabled for this to be exploited.Show less
CVE-2024-10547 - - Nov 12, 2024 Nov 9, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2. This makes it po...Show more The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.Show less
CVE-2024-10627 1Vanquish 1Woocommerce Support Ticket System Jun 5, 2025 Nov 9, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including,...Show more The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.Show less
CVE-2024-51152 1Alexstack 1Laravel Cms Nov 13, 2024 Nov 8, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component.
CVE-2024-11000 1Codeastro 1Real Estate Management System Jun 4, 2025 Nov 8, 2024 5.1 MEDIUM· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutedit.php of the component About Us Page. Th...Show more A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutedit.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-10999 1Codeastro 1Real Estate Management System Jun 4, 2025 Nov 8, 2024 5.1 MEDIUM· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the a...Show more A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-10994 1Codezips 1Online Institute Management System Nov 18, 2024 Nov 8, 2024 5.3 MEDIUM· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit_user.php. The manipulation of the...Show more A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit_user.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-10993 1Codezips 1Online Institute Management System Nov 18, 2024 Nov 8, 2024 5.3 MEDIUM· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /manage_website.php. The manipulation of the argument website_i...Show more A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-10668 1Google 1Quick Share Jul 23, 2025 Nov 7, 2024 5.9 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent...Show more There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. Quickshare normally deletes unkown files, however an attacker can send two Payload transfer frames of type FILE and the same payload ID. The deletion logic will only delete the first file and not the second. We recommend upgrading past commit 5d8b9156e0c339d82d3dab0849187e8819ad92c0 or Quick Share Windows v1.0.2002.2Show less
CVE-2024-8615 1Eyecix 1Jobsearch Wp Job Board Nov 8, 2024 Nov 6, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and includi...Show more The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.Show less
CVE-2024-8614 1Eyecix 1Jobsearch Wp Job Board Nov 8, 2024 Nov 6, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7. This m...Show more The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.Show less

Previous 1...707172...206 Next