Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-5745 1Bakery Online Ordering System Project 1Bakery Online Ordering System Nov 21, 2024 Jun 7, 2024 6.9 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulat...Show more A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-267414 is the identifier assigned to this vulnerability.Show less
CVE-2024-5734 1Online Discussion Forum Project 1Online Discussion Forum Nov 21, 2024 Jun 7, 2024 5.3 MEDIUM· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Affected is an unknown function of the file /members/poster.php. The manipulation of the argument image leads to unrestri...Show more A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Affected is an unknown function of the file /members/poster.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-267408.Show less
CVE-2024-36774 1Monstra 1Monstra Nov 21, 2024 Jun 6, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-5278 1Gaizhenbiao 1Chuanhuchatgpt Oct 15, 2025 Jun 6, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its `/upload` endpoint. Specifically, the `handle_file_upload` function does...Show more gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its `/upload` endpoint. Specifically, the `handle_file_upload` function does not sanitize or validate the file extension or content type of uploaded files, allowing attackers to upload files with arbitrary extensions, including HTML files containing XSS payloads and Python files. This vulnerability, present in the latest version as of 20240310, could lead to stored XSS attacks and potentially result in remote code execution (RCE) on the server hosting the application.Show less
CVE-2024-37273 1Homebrew 1Jan Nov 21, 2024 Jun 4, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-36858 1Homebrew 1Jan Nov 21, 2024 Jun 4, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2023-33930 1Unlimited Elements 1Unlimited Elements For Elementor Feb 5, 2025 Jun 4, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection.This issue affects Unlimited Elements For Eleme...Show more Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.66.Show less
CVE-2024-0757 1Elearningfreak 1Insert Or Embed Articulate Content May 21, 2025 Jun 4, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within...Show more The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip filesShow less
CVE-2024-29974 1Zyxel 2Nas326 Firmware Nas542 Firmware Jan 22, 2025 Jun 4, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 UNSUPPORTED WHEN ASSIGNED The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0...Show more UNSUPPORTED WHEN ASSIGNED The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device.Show less
CVE-2024-29848 1Ivanti 1Avalanche May 6, 2025 May 31, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
CVE-2024-22060 1Ivanti 1Neurons For Itsm Jun 30, 2025 May 31, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.
CVE-2024-5518 1Emiloimagtolis 1Online Discussion Forum Feb 11, 2025 May 30, 2024 5.3 MEDIUM· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unre...Show more A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266589 was assigned to this vulnerability.Show less
CVE-2024-3412 - - Apr 8, 2026 May 29, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action in all versions up to...Show more The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.Show less
CVE-2024-22641 1Tcpdf Project 1Tcpdf Nov 3, 2025 May 28, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file.
CVE-2024-35510 1Dedecms 1Dedecms Apr 1, 2025 May 28, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2023-46694 - - Nov 21, 2024 May 28, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls...Show more Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality.Show less
CVE-2022-45171 1Liveboxcloud 1Vdesk Nov 21, 2024 May 28, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can ar...Show more An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions.Show less
CVE-2024-5377 1Warrendaloyan 1Vehicle Management System Feb 10, 2025 May 26, 2024 6.9 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability was found in SourceCodester Vehicle Management System 1.0. It has been classified as critical. This affects an unknown part of the file /newvehicle.php. The manipulation of the argument file leads to unre...Show more A vulnerability was found in SourceCodester Vehicle Management System 1.0. It has been classified as critical. This affects an unknown part of the file /newvehicle.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266289 was assigned to this vulnerability.Show less
CVE-2024-35593 - - Nov 21, 2024 May 24, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows attackers to execute arbitrary code via uploading a crafted PDF file.
CVE-2024-1332 1Brainstormforce 1Custom Fonts Apr 8, 2026 May 24, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 2.1.4 due to insufficient input sanitization and outp...Show more The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less

Previous 1...868788...206 Next