CWE-434
4,107 CVEs • Abstraction: Base • Likelihood of Exploit: Medium
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CVEs (4,107)
| CVE | Vendors | Products | Updated | Published | CVSS |
|---|---|---|---|---|---|
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s maps_srv.js allows an attacker to upload a malicious NodeJS file using uploadBackgroud action.... | Eaton | Intelligent Power Manager, Intelligent Power Manager Virtual Appliance, Intelligent Power Protector | Jun 17, 2026 | Apr 13, 2021 | v4 N/A · v3 9.9 CRITICAL · v2 6.5 MEDIUM |
| The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users... | Easy Form Builder By Bitware Project | Easy Form Builder By Bitware | Jun 17, 2026 | Apr 12, 2021 | v4 N/A · v3 8.8 HIGH · v2 6.5 MEDIUM |
| The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in the page where a Form from the plugin is embedded, as any file can be uploaded. The uploaded filename might be hard to guess as it's... | N5 Upload Form Project | N5 Upload Form | Jun 17, 2026 | Apr 12, 2021 | v4 N/A · v3 9.8 CRITICAL · v2 7.5 HIGH |
| The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in the page where the [formCadastro] is embedded. The form allows unauthenticated user to register and submit files for their... | Williamluis | Wp Curriculo Vitae Free | Jun 17, 2026 | Apr 12, 2021 | v4 N/A · v3 9.8 CRITICAL · v2 7.5 HIGH |
| Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme befor... | Thrivethemes | Focusblog, Ignition, Luxe, +7 more | Jun 17, 2026 | Apr 12, 2021 | v4 N/A · v3 9.1 CRITICAL · v2 6.4 MEDIUM |
| SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. | Sonicwall | Email Security, Email Security Appliance 3300 Firmware, Email Security Appliance 4300 Firmware, +8 more | Jun 17, 2026 | Apr 9, 2021 | v4 N/A · v3 7.2 HIGH · v2 7.5 HIGH |
| Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .... | | | | | |
| The file upload function of Vangene deltaFlow E-platform does not perform access control properly. Remote attackers can upload and execute arbitrary files without login. | Deltaflow Project | Deltaflow | Jun 17, 2026 | Apr 6, 2021 | v4 N/A · v3 9.8 CRITICAL · v2 7.5 HIGH |
| Composr 10.0.36 allows upload and execution of PHP files. | | | | | |
| The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/... | | | | | |
| The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "bl... | Vanquish | Woocommerce Upload Files | Jun 17, 2026 | Apr 5, 2021 | v4 N/A · v3 9.8 CRITICAL · v2 7.5 HIGH |
| In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be ac... | | | | | |
| The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary... | | | | | |
| Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module. | | | | | |
| On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM... | F5 | Big Ip Access Policy Manager, Big Ip Advanced Firewall Manager, Big Ip Advanced Web Application Firewall, +11 more | Jun 17, 2026 | Mar 31, 2021 | v4 N/A · v3 4.3 MEDIUM · v2 4.0 MEDIUM |
| Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/a... | Simple College Project | Simple College | Jun 17, 2026 | Mar 31, 2021 | v4 N/A · v3 7.2 HIGH · v2 6.5 MEDIUM |
| An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local attacker can execute arbitrary code via editing the 'recdata.db' file to call a specially crafted GoAhead ASP-file on the SD car... | Insma | Wifi Mini Spy 1080p Hd Security Ip Camera Firmware | Jun 17, 2026 | Mar 30, 2021 | v4 N/A · v3 6.2 MEDIUM · v2 4.6 MEDIUM |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The spec... | Netgear | Prosafe Network Management System | Jun 17, 2026 | Mar 29, 2021 | v4 N/A · v3 9.8 CRITICAL · v2 10.0 HIGH |
| An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without re... | | | | | |
| TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and sub... | | | | | |