Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-25918 1Instawp 1Instawp Connect Apr 28, 2026 Apr 3, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8.
CVE-2024-31012 1Sem Cms 1Semcms Apr 4, 2025 Apr 3, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file.
CVE-2024-29514 1Lepton Cms 1Leptoncms May 1, 2025 Apr 2, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-3129 1Rems 1Image Accordion Gallery App Jun 24, 2025 Apr 1, 2024 N/A· v4 6.3 MEDIUM· v3 6.5 MEDIUM· v2 A vulnerability was found in SourceCodester Image Accordion Gallery App 1.0. It has been classified as critical. This affects an unknown part of the file /endpoint/add-image.php. The manipulation of the argument image_na...Show more A vulnerability was found in SourceCodester Image Accordion Gallery App 1.0. It has been classified as critical. This affects an unknown part of the file /endpoint/add-image.php. The manipulation of the argument image_name leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258873 was assigned to this vulnerability.Show less
CVE-2024-30533 - - Apr 28, 2026 Mar 31, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Techeshta Layouts for Elementor.This issue affects Layouts for Elementor: from n/a before 1.8.
CVE-2024-31115 - - Apr 28, 2026 Mar 31, 2024 N/A· v4 10.0 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 7.2.
CVE-2024-31114 - - Apr 28, 2026 Mar 31, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5.
CVE-2024-3117 1Youdiancms 1Youdiancms Jun 30, 2025 Mar 31, 2024 N/A· v4 4.7 MEDIUM· v3 5.8 MEDIUM· v2 A vulnerability classified as critical was found in YouDianCMS up to 9.5.12. This vulnerability affects unknown code of the file App\Lib\Action\Admin\ChannelAction.class.php. The manipulation of the argument file leads t...Show more A vulnerability classified as critical was found in YouDianCMS up to 9.5.12. This vulnerability affects unknown code of the file App\Lib\Action\Admin\ChannelAction.class.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-46808 1Ivanti 1Neurons For Itsm Nov 21, 2024 Mar 31, 2024 N/A· v4 9.9 CRITICAL· v3 N/A· v2 An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root us...Show more An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user. Show less
CVE-2024-30510 1Salonbookingsystem 1Salon Booking System Apr 28, 2026 Mar 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 9.5.
CVE-2024-30500 1Cubewp 1Cubewp Apr 28, 2026 Mar 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework.This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.12.
CVE-2024-28713 1Mtons 1Mblog Sep 23, 2025 Mar 28, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature.
CVE-2024-2890 - - Apr 28, 2026 Mar 28, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12.
CVE-2024-29100 1Meowapps 1Ai Engine Apr 28, 2026 Mar 28, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.
CVE-2024-29891 1Zitadel 1Zitadel Jan 8, 2025 Mar 27, 2024 N/A· v4 8.7 HIGH· v3 N/A· v2 ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scen...Show more ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim would need to directly open the supposed image in the browser, where a session in ZITADEL needs to be active for this exploit to work. The exploit could only be reproduced if the victim was using Firefox. Chrome, Safari as well as Edge did not execute the code. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17.Show less
CVE-2023-49815 - - Apr 28, 2026 Mar 27, 2024 N/A· v4 10.0 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3.
CVE-2024-1532 - - Nov 21, 2024 Mar 27, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized u...Show more A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file.Show less
CVE-2024-1531 - - Nov 21, 2024 Mar 27, 2024 N/A· v4 8.2 HIGH· v3 N/A· v2 A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user u...Show more A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file.Show less
CVE-2024-2930 1Oretnom23 1Music Gallery Site Feb 18, 2025 Mar 27, 2024 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=save_music. The manipulati...Show more A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=save_music. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258001 was assigned to this vulnerability.Show less
CVE-2023-48777 1Elementor 1Website Builder Apr 28, 2026 Mar 26, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.

Previous 1...939495...206 Next