CWE-434
4,107 CVEs • Abstraction: Base • Likelihood of Exploit: Medium
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CVEs (4,107)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is...Show more |
A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution. |
Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request. |
1Filemanagerpro 1File Manager Jun 17, 2026 Sep 9, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension....Show more |
1Projectworlds 1Car Rental Project Jun 17, 2026 Sep 9, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. |
1Online Bike Rental Project 1Online Bike Rental Jun 17, 2026 Sep 9, 2020 N/A· v4 9.1 CRITICAL· v3 6.5 MEDIUM· v2 An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows authenticated administrator to conduct remote code execution. |
1Sap 1Businessobjects Business Intelligence Platform Jun 17, 2026 Sep 9, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading...Show more |
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary co...Show more |
1Zohocorp 1Manageengine Applications Manager Jun 17, 2026 Sep 4, 2020 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution. |
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to...Show more |
The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote...Show more |
Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded...Show more |
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uplo...Show more |
1Projectworlds 1Travel Management System Jun 17, 2026 Aug 27, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code executio...Show more |
1Projectworlds 1House Rental And Property Listing Project Jun 17, 2026 Aug 27, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution. |
1Online Bike Rental Project 1Online Bike Rental Jun 17, 2026 Aug 27, 2020 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution. |
In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which...Show more |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authent...Show more |
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX...Show more |
Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the app...Show more |