Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-27311 1Zohocorp 1Manageengine Ddi Central Nov 21, 2024 Jul 17, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.
CVE-2024-31411 1Apache 1Streampipes Nov 21, 2024 Jul 17, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possi...Show more Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue. Show less
CVE-2024-6220 1Keydatas 1Keydatas Apr 8, 2026 Jul 17, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The 简数采集器 (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions up to, and including, 2.5.2. This makes it pos...Show more The 简数采集器 (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.Show less
CVE-2024-6801 1Online Student Management System Project 1Online Student Management System Nov 21, 2024 Jul 17, 2024 5.3 MEDIUM· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability, which was classified as critical, has been found in SourceCodester Online Student Management System 1.0. This issue affects some unknown processing of the file /add-students.php. The manipulation of the...Show more A vulnerability, which was classified as critical, has been found in SourceCodester Online Student Management System 1.0. This issue affects some unknown processing of the file /add-students.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271703.Show less
CVE-2024-6595 1Gitlab 1Gitlab Nov 21, 2024 Jul 17, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM packag...Show more An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data.Show less
CVE-2024-40394 1Oretnom23 1Simple Library Management System Jul 9, 2025 Jul 16, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Simple Library Management System Project Using PHP/MySQL v1.0 was discovered to contain an arbitrary file upload vulnerability via the component ajax.php.
CVE-2024-40425 1Sparkshop 1Sparkshop Apr 28, 2025 Jul 16, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component.
CVE-2024-40555 1Project Team 1Tmall Demo Jun 13, 2025 Jul 15, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload vulnerability.
CVE-2024-40553 1Project Team 1Tmall Demo Jun 13, 2025 Jul 15, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload via the component uploadUserHeadImage.
CVE-2024-5630 1Elearningfreak 1Insert Or Embed Articulate Content Nov 21, 2024 Jul 15, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.
CVE-2024-6730 - - Nov 21, 2024 Jul 14, 2024 5.3 MEDIUM· v4 6.3 MEDIUM· v3 6.5 MEDIUM· v2 A vulnerability was found in Nanjing Xingyuantu Technology SparkShop up to 1.1.6. It has been rated as critical. This issue affects some unknown processing of the file /api/Common/uploadFile. The manipulation of the argu...Show more A vulnerability was found in Nanjing Xingyuantu Technology SparkShop up to 1.1.6. It has been rated as critical. This issue affects some unknown processing of the file /api/Common/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271403.Show less
CVE-2024-5450 1Bug Library Project 1Bug Library May 13, 2025 Jul 13, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 The Bug Library WordPress plugin before 2.1.1 does not check the file type on user-submitted bug reports, allowing an unauthenticated user to upload PHP files
CVE-2024-5080 1Tipsandtricks Hq 1Wp Emember May 6, 2025 Jul 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server
CVE-2024-40551 1Publiccms 1Publiccms Nov 21, 2024 Jul 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-40550 1Publiccms 1Publiccms Nov 21, 2024 Jul 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-40549 1Publiccms 1Publiccms Mar 25, 2025 Jul 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-40548 1Publiccms 1Publiccms Nov 21, 2024 Jul 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-40546 1Publiccms 1Publiccms Nov 21, 2024 Jul 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-40545 1Publiccms 1Publiccms Nov 21, 2024 Jul 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-38736 - - Nov 21, 2024 Jul 12, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.13.

Previous 1...828384...206 Next