CWE-434— Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.— MITRE CWE catalog
4,081 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-434page 56 of 82
- CVE-2024-50529CRITICALCVSS 9.9EG 9.92024-11-04
Unrestricted Upload of File with Dangerous Type vulnerability in rudrainn Training – Courses training allows Upload a Web Shell to a Web Server.This issue affects Training – Courses: from n/a through <= 2.0.1.
- CVE-2024-50530CRITICALCVSS 9.9EG 9.92024-11-04
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer stars-smtp-mailer allows Upload a Web Shell to a Web Server.This issue affects Stars SMTP Mailer: from n/a through <= 2.2.1.
- CVE-2024-50531CRITICALCVSS 10.0EG 10.02024-11-04
Unrestricted Upload of File with Dangerous Type vulnerability in davidfcarr RSVPMaker for Toastmasters rsvpmaker-for-toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from n/a through <= …
- CVE-2024-50620HIGHCVSS 8.8EG 8.82026-02-11
Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich…
- CVE-2024-50623CRITICALCVSS 9.8EG 9.8⚠ KEV2024-10-28
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
- CVE-2024-50625HIGHCVSS 8.0EG 8.02024-12-09
An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to arbitrary file uploads within specific di…
- CVE-2024-50652MEDIUMCVSS 4.3EG 6.32024-11-15
A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files by modifying the avatar function.
- CVE-2024-5080HIGHCVSS 8.8EG 8.82024-07-13
The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server
- CVE-2024-5084CRITICALCVSS 9.8EG 9.82024-05-23
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it pos…
- CVE-2024-51152HIGHCVSS 7.2EG 7.22024-11-08
File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component.
- CVE-2024-51208HIGHCVSS 7.2EG 7.22024-11-20
File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter.
- CVE-2024-5125HIGHCVSS 7.3EG 7.32024-11-14
parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malic…
- CVE-2024-51364HIGHCVSS 8.8EG 8.82024-11-21
An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file.
- CVE-2024-51366CRITICALCVSS 9.8EG 9.82024-11-21
An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file.
- CVE-2024-5145MEDIUMCVSS 6.3EG 6.32024-05-20
A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation …
- CVE-2024-51499HIGHCVSS 8.8EG 8.82024-11-18
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController allows authenticated u…
- CVE-2024-51548CRITICALCVSS 9.9EG 9.92024-12-05
Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
- CVE-2024-51743HIGHCVSS 8.8EG 8.82024-11-18
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors t…
- CVE-2024-51788CRITICALCVSS 10.0EG 10.02024-11-11
Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory noveldesign-store-directory allows Upload a Web Shell to a Web Server.This issue affects The Novel Design Store Directory: from …
- CVE-2024-51789CRITICALCVSS 10.0EG 10.02024-11-11
Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L Image Classify image-classify allows Upload a Web Shell to a Web Server.This issue affects Image Classify: from n/a through <= 1.0.0.
- CVE-2024-51790CRITICALCVSS 10.0EG 10.02024-11-11
Unrestricted Upload of File with Dangerous Type vulnerability in HB WEBSOL HB AUDIO GALLERY hb-audio-gallery allows Upload a Web Shell to a Web Server.This issue affects HB AUDIO GALLERY: from n/a through <= 3.0.
- CVE-2024-51791CRITICALCVSS 10.0EG 10.02024-11-11
Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms forms-by-made-it allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through <= 2.8.0.
- CVE-2024-51792CRITICALCVSS 10.0EG 10.02024-11-11
Unrestricted Upload of File with Dangerous Type vulnerability in Dang Ngoc Binh Audio Record audio-record allows Upload a Web Shell to a Web Server.This issue affects Audio Record: from n/a through <= 1.0.
- CVE-2024-51793CRITICALCVSS 10.0EG 10.02024-11-11
Unrestricted Upload of File with Dangerous Type vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Upload a Web Shell to a Web Server.This issue affects RepairBuddy: from n/a through <= 3.8115.
- CVE-2024-51919CRITICALCVSS 9.0EG 9.02025-01-21
Unrestricted Upload of File with Dangerous Type vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3.
- CVE-2024-51991MEDIUMCVSS 4.9EG 4.92025-05-05
October is a Content Management System (CMS) and web platform. A vulnerability in versions prior to 3.7.5 affects authenticated administrators with sites that have the `media.clean_vectors` configuration enabled. This configuration will sa…
- CVE-2024-5226MEDIUMCVSS 6.4EG 6.42024-08-08
The Fuse Social Floating Sidebar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the file upload functionality in all versions up to, and including, 5.4.10 due to insufficient validation of SVG files. This makes it po…
- CVE-2024-52302HIGHCVSS 8.7EG 8.72024-11-14
common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-pict…
- CVE-2024-52369CRITICALCVSS 9.9EG 9.92024-11-14
Unrestricted Upload of File with Dangerous Type vulnerability in Optimal Access KBucket kbucket allows Upload a Web Shell to a Web Server.This issue affects KBucket: from n/a through <= 4.2.2.
- CVE-2024-52370CRITICALCVSS 9.9EG 9.92024-11-14
Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support hive-support allows Upload a Web Shell to a Web Server.This issue affects Hive Support: from n/a through <= 1.1.1.
- CVE-2024-52372CRITICALCVSS 10.0EG 10.02024-11-14
Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA easy-csv-importer allows Upload a Web Shell to a Web Server.This issue affects Easy CSV Importer BETA: from n/a through <= 7.0.0.
- CVE-2024-52373CRITICALCVSS 10.0EG 10.02024-11-14
Unrestricted Upload of File with Dangerous Type vulnerability in Team Devexhub Devexhub Gallery devexhub-gallery allows Upload a Web Shell to a Web Server.This issue affects Devexhub Gallery: from n/a through <= 2.0.1.
- CVE-2024-52374CRITICALCVSS 10.0EG 10.02024-11-14
Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task do-that-task allows Upload a Web Shell to a Web Server.This issue affects Do That Task: from n/a through <= 1.5.5.
- CVE-2024-52375CRITICALCVSS 10.0EG 10.02024-11-14
Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative datasets-manager-by-arttia-creative.This issue affects Datasets Manager by Arttia Creative: from n/a through <= 1.5.
- CVE-2024-52376CRITICALCVSS 10.0EG 10.02024-11-14
Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress boat-rental-system allows Upload a Web Shell to a Web Server.This issue affects Boat Rental Plugin for WordPress: from n/a through <…
- CVE-2024-52377CRITICALCVSS 10.0EG 10.02024-11-14
Unrestricted Upload of File with Dangerous Type vulnerability in bdthemes Instant Image Generator ai-image allows Upload a Web Shell to a Web Server.This issue affects Instant Image Generator: from n/a through <= 1.5.2.
- CVE-2024-52379CRITICALCVSS 10.0EG 10.02024-11-14
Unrestricted Upload of File with Dangerous Type vulnerability in faizalbahasan kineticPay for WooCommerce kineticpay-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects kineticPay for WooCommerce: from n/a through …
- CVE-2024-52380CRITICALCVSS 10.0EG 10.02024-11-14
Unrestricted Upload of File with Dangerous Type vulnerability in softpulseinfotech Picsmize picsmize allows Upload a Web Shell to a Web Server.This issue affects Picsmize: from n/a through <= 1.0.0.
- CVE-2024-52384CRITICALCVSS 9.9EG 9.92024-11-14
Unrestricted Upload of File with Dangerous Type vulnerability in wpmonks Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation ai-content-generator allows Upload a Web Shell to a Web Server.This issue affects Sage AI: Cha…
- CVE-2024-52397CRITICALCVSS 9.1EG 9.12024-11-16
Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post convert-docx2post allows Upload a Web Shell to a Web Server.This issue affects Convert Docx2post: from n/a through <= 1.4.
- CVE-2024-52398CRITICALCVSS 9.1EG 9.12024-11-16
Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI collect-and-deliver-interface-for-woocommerce.This issue affects CDI: from n/a through <= 5.5.3.
- CVE-2024-52399CRITICALCVSS 9.9EG 9.92024-11-16
Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper writer-helper allows Upload a Web Shell to a Web Server.This issue affects Writer Helper: from n/a through <= 3.1.6.
- CVE-2024-52400CRITICALCVSS 9.9EG 9.92024-11-16
Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio gallerio allows Upload a Web Shell to a Web Server.This issue affects Gallerio: from n/a through <= 1.01.
- CVE-2024-52403CRITICALCVSS 9.9EG 9.92024-11-16
Unrestricted Upload of File with Dangerous Type vulnerability in Saad Iqbal User Management user-management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through <= 1.1.
- CVE-2024-52404CRITICALCVSS 9.9EG 9.92024-11-16
Unrestricted Upload of File with Dangerous Type vulnerability in bigfiveagency CF7 Reply Manager cf7-reply-manager.This issue affects CF7 Reply Manager: from n/a through <= 1.2.3.
- CVE-2024-52405CRITICALCVSS 9.9EG 9.92024-11-16
Unrestricted Upload of File with Dangerous Type vulnerability in bikramjoshii B-Banner Slider b-banner-slider allows Upload a Web Shell to a Web Server.This issue affects B-Banner Slider: from n/a through <= 1.1.
- CVE-2024-52406CRITICALCVSS 9.9EG 9.92024-11-16
Unrestricted Upload of File with Dangerous Type vulnerability in wibergsweb CSV to html csv-to-html allows Upload a Web Shell to a Web Server.This issue affects CSV to html: from n/a through <= 3.26.
- CVE-2024-52407CRITICALCVSS 9.9EG 9.92024-11-16
Unrestricted Upload of File with Dangerous Type vulnerability in BasePress BasePress Migration Tools basepress-migration-tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from n/a through <= 1.0.…
- CVE-2024-52408CRITICALCVSS 9.9EG 9.92024-11-16
Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist allows Upload a Web Shell to a Web Server.This issue affects Push Notificatio…
- CVE-2024-52429CRITICALCVSS 9.9EG 9.92024-11-18
Unrestricted Upload of File with Dangerous Type vulnerability in AntonHoelstad WP Quick Setup wp-quick-setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through <= 2.0.
Map vulnerabilities like CWE-434 to your infrastructure
EchelonGraph correlates every CVE — across CWE-434 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →