CWE-434
4,107 CVEs • Abstraction: Base • Likelihood of Exploit: Medium
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CVEs (4,107)
| CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS | DESCRIPTION |
|---|---|---|---|---|---|---|
| | Online Driving School Project Project | Online Driving School Project | Jun 17, 2026 | Sep 7, 2022 | v4 N/A · v3 9.8 CRITICAL · v2 N/A | A vulnerability was found in codeprojects Online Driving School. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registration.php. The manipulation leads to unrestricted u... |
| | | | | | | There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code. |
| | Garage Management System Project | Garage Management System | Jun 17, 2026 | Aug 31, 2022 | v4 N/A · v3 7.2 HIGH · v2 N/A | An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| | Online Ordering System Project | Online Ordering System | Jun 17, 2026 | Aug 31, 2022 | v4 N/A · v3 7.2 HIGH · v2 N/A | An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file. |
| | Garage Management System Project | Garage Management System | Jun 17, 2026 | Aug 31, 2022 | v4 N/A · v3 8.8 HIGH · v2 N/A | The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file. |
| | Seiko Sol | Skybridge Mb A100 Firmware; Skybridge Mb A110 Firmware | Jun 17, 2026 | Aug 29, 2022 | v4 N/A · v3 9.8 CRITICAL · v2 N/A | Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted... |
| | | | | | | Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload. |
| | | | | | | 72crm 9.0 has an Arbitrary file upload vulnerability. |
| | Uploading Svg, Webp And Ico Files Project | Uploading Svg, Webp And Ico Files | Jun 17, 2026 | Aug 23, 2022 | v4 N/A · v3 7.2 HIGH · v2 N/A | Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. |
| | Ibm | Hardware Management Console 7063 Cr2 Firmware; Power System Ac922 (8335 Gtg) Firmware; Power System Ac922 (8335 Gth) Firmware; +1 more | Jun 17, 2026 | Aug 22, 2022 | v4 N/A · v3 4.9 MEDIUM · v2 N/A | IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221. |
| | | | | | | Baijicms v4 was discovered to contain an arbitrary file upload vulnerability. |
| | Advancedcustomfields | Advanced Custom Fields | Jun 17, 2026 | Aug 22, 2022 | v4 N/A · v3 8.8 HIGH · v2 N/A | The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possi... |
| | Simple And Nice Shopping Cart Script Project | Simple And Nice Shopping Cart Script | Jun 17, 2026 | Aug 20, 2022 | v4 N/A · v3 8.8 HIGH · v2 N/A | A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The mani... |
| | | | | | | The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including ph... |
| | Phpgurukul | Zoo Management System | Jun 17, 2026 | Aug 12, 2022 | v4 N/A · v3 9.8 CRITICAL · v2 N/A | A vulnerability was found in SourceCodester Zoo Management System. It has been classified as critical. Affected is an unknown function of the file /pages/apply_vacancy.php. The manipulation of the argument filename leads... |
| | Gas Agency Management System Project | Gas Agency Management System | Jun 17, 2026 | Aug 12, 2022 | v4 N/A · v3 9.8 CRITICAL · v2 N/A | A vulnerability classified as critical was found in SourceCodester Gas Agency Management System. Affected by this vulnerability is an unknown functionality of the file /gasmark/assets/myimages/oneWord.php. The manipulati... |
| | Company Website Cms Project | Company Website Cms | Jun 17, 2026 | Aug 11, 2022 | v4 N/A · v3 9.8 CRITICAL · v2 N/A | A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/add-portfolio.php. The manipulation of the argument... |
| | Company Website Cms Project | Company Website Cms | Jun 17, 2026 | Aug 11, 2022 | v4 N/A · v3 9.8 CRITICAL · v2 N/A | A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS. Affected is an unknown function of the file /dashboard/add-service.php of the component Add Service Handler. The manipul... |
| | Gym Management System Project | Gym Management System | Jun 17, 2026 | Aug 11, 2022 | v4 N/A · v3 8.8 HIGH · v2 N/A | A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/index.php?view_exercises. The manip... |
| | Simple Online Book Store System Project | Simple Online Book Store System | Jun 17, 2026 | Aug 11, 2022 | v4 N/A · v3 9.8 CRITICAL · v2 N/A | A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. This vulnerability affects unknown code of the file Admin_ add.php. The manipulation leads to unrestricted uplo... |