CWE-434

4,104 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.


CVEs (4,104)

Columns: Vendor | Product | Updated | Published | CVSS v4 | CVSS v3 | CVSS v2, followed by the CVE description.

Vendor: Gdidees | Product: Gdidees Cms | Updated: Apr 28, 2025 | Published: Sep 20, 2024 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: N/A
  GDidees CMS <= v3.9.1 has a file upload vulnerability.

Vendor: Codezips | Product: Online Shopping Portal | Updated: Sep 27, 2024 | Published: Sep 20, 2024 | CVSS v4: 5.3 MEDIUM | CVSS v3: 9.8 CRITICAL | CVSS v2: 4.0 MEDIUM
  A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation of the argument productimage1/productimage2/productimage3 leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Vendor: Angeljudesuarez | Product: Online Book Store Project | Updated: Sep 26, 2025 | Published: Sep 20, 2024 | CVSS v4: 5.3 MEDIUM | CVSS v3: 6.3 MEDIUM | CVSS v2: 6.5 MEDIUM
  A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_add.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Vendor: Closed Loop | Product: Cless Server | Updated: Sep 25, 2024 | Published: Sep 19, 2024 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: N/A
  An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint.

Vendor: Mayurik | Product: Best House Rental Management System | Updated: Apr 16, 2025 | Published: Sep 18, 2024 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: N/A
  Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php.

Vendor: Dedecms | Product: Dedecms | Updated: Mar 31, 2025 | Published: Sep 18, 2024 | CVSS v4: N/A | CVSS v3: 8.8 HIGH | CVSS v2: N/A
  Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend.

Vendor: Contao | Product: Contao | Updated: Sep 25, 2024 | Published: Sep 17, 2024 | CVSS v4: N/A | CVSS v3: 8.8 HIGH | CVSS v2: N/A
  Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does not execute PHP files and other scripts in the Contao file upload directory.

Vendor: Inspireui | Product: Mstore Api | Updated: Sep 18, 2024 | Published: Sep 13, 2024 | CVSS v4: N/A | CVSS v3: 8.8 HIGH | CVSS v2: N/A
  The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_user_profile() function in all versions up to, and including, 4.15.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files (not including PHP files) on the affected site's server which may make remote code execution possible. This can be paired with a registration endpoint for unauthenticated users to exploit the issue.

Vendor: Soplanning | Product: Soplanning | Updated: Sep 18, 2024 | Published: Sep 11, 2024 | CVSS v4: 10.0 CRITICAL | CVSS v3: 9.8 CRITICAL | CVSS v2: N/A
  An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution of code on the underlying system when the file is triggered. The vulnerability has been remediated in version 1.52.02.

Vendor: - | Product: - | Updated: Sep 11, 2024 | Published: Sep 10, 2024 | CVSS v4: 8.7 HIGH | CVSS v3: 7.5 HIGH | CVSS v2: N/A
  SpiderControl SCADA Web Server has a vulnerability that could allow an attacker to upload specially crafted malicious files without authentication.

Vendor: Mozilo | Product: Mozilocms | Updated: Sep 13, 2024 | Published: Sep 10, 2024 | CVSS v4: N/A | CVSS v3: 7.2 HIGH | CVSS v2: N/A
  An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file.

Vendor: Bitapps | Product: File Manager | Updated: Sep 26, 2024 | Published: Sep 10, 2024 | CVSS v4: N/A | CVSS v3: 8.8 HIGH | CVSS v2: N/A
  The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted upload permissions by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Vendor: Qualitor | Product: Qualitor | Updated: Jul 1, 2025 | Published: Sep 9, 2024 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: N/A
  Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.

Vendor: Fastlinemedia | Product: Customizer Export/import | Updated: Jul 10, 2025 | Published: Sep 7, 2024 | CVSS v4: N/A | CVSS v3: 6.6 MEDIUM | CVSS v2: N/A
  The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: This vulnerability is only exploitable when used in conjunction with a race condition as the uploaded file is deleted shortly after it is created.

Vendor: C Mor | Product: C Mor Video Surveillance | Updated: Sep 4, 2025 | Published: Sep 5, 2024 | CVSS v4: N/A | CVSS v3: 8.8 HIGH | CVSS v2: N/A
  An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup files allows an authenticated user to upload arbitrary files. The only condition is that the filename contains a .cbkf string. Therefore, webshell.cbkf.php is considered a valid file name for the C-MOR web application. Uploaded files are stored within the directory "/srv/www/backups" on the C-MOR system, and can thus be accessed via the URL https://<HOST>/backup/upload_<FILENAME>. Due to broken access control, low-privileged authenticated users can also use this file upload functionality.

Vendor: Phpgurukul | Product: Job Portal | Updated: Sep 12, 2024 | Published: Sep 5, 2024 | CVSS v4: N/A | CVSS v3: 8.8 HIGH | CVSS v2: N/A
  File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell.

Vendor: Ibm | Product: Webmethods Integration | Updated: Sep 6, 2024 | Published: Sep 4, 2024 | CVSS v4: N/A | CVSS v3: 9.9 CRITICAL | CVSS v2: N/A
  IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.

Vendor: Mingsoft | Product: Mcms | Updated: Apr 30, 2025 | Published: Sep 3, 2024 | CVSS v4: N/A | CVSS v3: 8.1 HIGH | CVSS v2: N/A
  MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution.

Vendor: Nelzkie15 | Products: Pet Shop Management System, Petshop Management System | Updated: Feb 24, 2026 | Published: Aug 30, 2024 | CVSS v4: 5.3 MEDIUM | CVSS v3: 8.8 HIGH | CVSS v2: 6.5 MEDIUM
  A vulnerability, which was classified as critical, has been found in SourceCodester Petshop Management System 1.0. This issue affects some unknown processing of the file /controllers/add_client.php. The manipulation of the argument image_profile leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Vendor: Nelzkie15 | Product: Pet Shop Management System | Updated: Sep 4, 2024 | Published: Aug 30, 2024 | CVSS v4: 5.3 MEDIUM | CVSS v3: 9.8 CRITICAL | CVSS v2: 6.5 MEDIUM
  A vulnerability classified as critical was found in SourceCodester Petshop Management System 1.0. This vulnerability affects unknown code of the file /controllers/add_user.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.