Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-40981

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-10 Nov, 2022 | 21:31
Updated At-16 Sep, 2024 | 23:40
Rejected At-
Credits

ETIC Telecom Remote Access Server Unrestricted Upload of File with Dangerous Type

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:10 Nov, 2022 | 21:31
Updated At:16 Sep, 2024 | 23:40
Rejected At:
▼CVE Numbering Authority (CNA)
ETIC Telecom Remote Access Server Unrestricted Upload of File with Dangerous Type

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.

Affected Products
Vendor
ETIC Telecom
Product
Remote Access Server (RAS)
Default Status
unaffected
Versions
Affected
  • From 0 through 4.5.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload of File with Dangerous Type
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

ETIC Telecom recommends updating the firmware of the affected devices to the following versions: * ETIC Telecom RAS: version 4.7.0 or later https://www.etictelecom.com/en/softwares-download/ For the installed devices, ETIC Telecom recommends: * For all firmware versions 4.7.0 and above, only valid configuration files can be uploaded to the device. For versions prior to 4.7.0, to reduce the attack surface, we advise the user to verify in the router configuration that: (1) The administration web page is accessible only through the LAN side over HTTPS, and (2) The administration web page is protected with authentication.

Configurations
Workarounds
Exploits
Credits
finder
Haviv Vaizman, Hay Mizrachi, Alik Koldobsky, Ofir Manzur, and Nikolay Sokolik of OTORIO reported these vulnerabilities to CISA.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01
N/A
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01
x_transferred
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:10 Nov, 2022 | 22:15
Updated At:17 Sep, 2024 | 00:15

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Secondary3.15.9MEDIUM
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
CPE Matches
etictelecom
etictelecom
>>ras-c-100-lw>>-
cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-e-100>>-
cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-e-220>>-
cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-e-400>>-
cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-ec-220-lw>>-
cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-ec-400-lw>>-
cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-ec-480-lw>>-
cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-ecw-220-lw>>-
cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-ecw-400-lw>>-
cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-ew-100>>-
cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-ew-220>>-
cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-ew-400>>-
cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>rfm-e>>-
cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>remote_access_server_firmware>>Versions up to 4.5.0(inclusive)
cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Primarynvd@nist.gov
CWE-434Secondaryics-cert@hq.dhs.gov
CWE ID: CWE-434
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-434
Type: Secondary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01ics-cert@hq.dhs.gov
Patch
Third Party Advisory
US Government Resource
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01
Source: ics-cert@hq.dhs.gov
Resource:
Patch
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

120Records found
CVE-2022-3703
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.6||HIGH
EPSS-0.05% / 16.32%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 21:32
Updated-16 Apr, 2025 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ETIC Telecom Remote Access Server Insufficient Verification of Data Authenticity

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.

Action-Not Available
Vendor-etictelecomETIC Telecom
Product-ras-c-100-lwrfm-eras-ecw-220-lwras-ec-400-lwras-e-220ras-ew-100ras-ew-400ras-e-100ras-e-400ras-ew-220remote_access_server_firmwareras-ecw-400-lwras-ec-220-lwras-ec-480-lwRemote Access Server (RAS)
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2022-46839
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.31% / 53.89%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 10:44
Updated-17 Apr, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.1 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.

Action-Not Available
Vendor-wiselyhubJS Help Desk
Product-js_help_deskJS Help Desk – Best Help Desk & Support Plugin
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-53822
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.32% / 54.77%
||
7 Day CHG+0.04%
Published-09 Dec, 2024 | 12:24
Updated-09 Dec, 2024 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pie Register Premium plugin < 3.8.3.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium.This issue affects Pie Register Premium: from n/a before 3.8.3.3.

Action-Not Available
Vendor-Genetechgenetechsolutions
Product-Pie Register Premiumpie_register
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56064
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-23.22% / 95.73%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 12:54
Updated-31 Dec, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Azzaroco WP SuperBackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through 2.3.3.

Action-Not Available
Vendor-Azzaroco
Product-WP SuperBackup
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-54214
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.32% / 54.77%
||
7 Day CHG+0.04%
Published-06 Dec, 2024 | 13:07
Updated-20 Dec, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Revy plugin <= 1.18 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Roninwp Revy allows Upload a Web Shell to a Web Server.This issue affects Revy: from n/a through 1.18.

Action-Not Available
Vendor-Roninwproninwp
Product-Revyrevy
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52374
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.46%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:10
Updated-15 Nov, 2024 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Do That Task plugin <= 1.5.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task allows Upload a Web Shell to a Web Server.This issue affects Do That Task: from n/a through 1.5.5.

Action-Not Available
Vendor-DoThatTaskdothattask
Product-Do That Taskdo_that_task
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52375
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-56.72% / 98.03%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:09
Updated-15 Nov, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Datasets Manager by Arttia Creative plugin <= 1.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative.This issue affects Datasets Manager by Arttia Creative: from n/a through 1.5.

Action-Not Available
Vendor-Arttia Creativearttia_creative
Product-Datasets Manager by Arttia Creativedatasets_manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52376
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.46%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:08
Updated-15 Nov, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Boat Rental Plugin for WordPress plugin <= 1.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress allows Upload a Web Shell to a Web Server.This issue affects Boat Rental Plugin for WordPress: from n/a through 1.0.1.

Action-Not Available
Vendor-cmsMindscmsminds
Product-Boat Rental Plugin for WordPressboat_rental_plugin_for_wordpress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52379
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.46%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 17:40
Updated-15 Nov, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress kineticPay for WooCommerce plugin <= 2.0.8 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Kinetic Innovative Technologies Sdn Bhd kineticPay for WooCommerce allows Upload a Web Shell to a Web Server.This issue affects kineticPay for WooCommerce: from n/a through 2.0.8.

Action-Not Available
Vendor-Kinetic Innovative Technologies Sdn Bhdkinetic_innovative_technologies_sdn_bhd
Product-kineticPay for WooCommercekineticpay_for_woocommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52490
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.46%
||
7 Day CHG+0.04%
Published-28 Nov, 2024 | 10:42
Updated-29 Nov, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pathomation plugin <= 2.5.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Pathomation allows Upload a Web Shell to a Web Server.This issue affects Pathomation: from n/a through 2.5.1.

Action-Not Available
Vendor-Pathomationpathomation
Product-Pathomationpathomation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52373
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.46%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:11
Updated-15 Nov, 2024 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Devexhub Gallery plugin <= 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Team Devexhub Devexhub Gallery allows Upload a Web Shell to a Web Server.This issue affects Devexhub Gallery: from n/a through 2.0.1.

Action-Not Available
Vendor-Team Devexhubteam_devexhub
Product-Devexhub Gallerydevexhub_gallery
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52476
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.32% / 54.77%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fediverse Embeds plugin <= 1.5.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in stefanbohacek Fediverse Embeds allows Upload a Web Shell to a Web Server.This issue affects Fediverse Embeds: from n/a through 1.5.3.

Action-Not Available
Vendor-stefanbohacekstefanbohacek
Product-Fediverse Embedsfediverse_embeds
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51793
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-40.81% / 97.28%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 05:52
Updated-14 Nov, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RepairBuddy plugin <= 3.8115 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Webful Creations Computer Repair Shop allows Upload a Web Shell to a Web Server.This issue affects Computer Repair Shop: from n/a through 3.8115.

Action-Not Available
Vendor-webfulcreationsWebful Creationswebfulcreations
Product-computer_repair_shopComputer Repair Shopcomputer_repair_shop
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51789
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.46%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 05:57
Updated-12 Nov, 2024 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Classify plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L Image Classify allows Upload a Web Shell to a Web Server.This issue affects Image Classify: from n/a through 1.0.0.

Action-Not Available
Vendor-UjW0Lujwol
Product-Image Classifyimage_classify
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50510
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-24.00% / 95.81%
||
7 Day CHG+0.94%
Published-30 Oct, 2024 | 07:54
Updated-01 Nov, 2024 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AR For Woocommerce plugin <= 6.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For Woocommerce allows Upload a Web Shell to a Web Server.This issue affects AR For Woocommerce: from n/a through 6.2.

Action-Not Available
Vendor-Web and Print Design
Product-AR For Woocommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50484
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.94% / 75.33%
||
7 Day CHG+0.14%
Published-29 Oct, 2024 | 07:56
Updated-29 Oct, 2024 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through 1.0.2.

Action-Not Available
Vendor-mahlamusamahlamusa
Product-Multi Purpose Mail Formmulti_purpose_mail_form
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50495
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 64.98%
||
7 Day CHG+0.07%
Published-28 Oct, 2024 | 20:56
Updated-08 Nov, 2024 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Plugin Propagator plugin <= 0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WidgiLabs Plugin Propagator allows Upload a Web Shell to a Web Server.This issue affects Plugin Propagator: from n/a through 0.1.

Action-Not Available
Vendor-widgilabsWidgiLabswidgilabs
Product-plugin_propagatorPlugin Propagatorplugin_propagator
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50526
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.92% / 74.99%
||
7 Day CHG+0.07%
Published-04 Nov, 2024 | 13:43
Updated-06 Nov, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through 1.0.2.

Action-Not Available
Vendor-lindenimahlamusamahlamusa
Product-multi_purpose_mail_formMulti Purpose Mail Formmulti_purpose_mail_form
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50531
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.39% / 59.30%
||
7 Day CHG+0.03%
Published-04 Nov, 2024 | 13:39
Updated-06 Nov, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RSVPMaker for Toastmasters plugin <= 6.2.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from n/a through 6.2.4.

Action-Not Available
Vendor-carrcommunicationsDavid F. Carrdavidfcarr
Product-rsvpmakerRSVPMaker for Toastmastersrsvpmarker
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49611
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 64.98%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 07:59
Updated-23 Oct, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Website Showcase plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Paxman Product Website Showcase allows Upload a Web Shell to a Web Server.This issue affects Product Website Showcase: from n/a through 1.0.

Action-Not Available
Vendor-paxmanPaxmanpaxman
Product-product_website_showcaseProduct Website Showcaseproduct_website_showcase
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-5243
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-10||CRITICAL
EPSS-0.38% / 58.34%
||
7 Day CHG-0.01%
Published-24 Jul, 2025 | 12:45
Updated-25 Jul, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Upload in SMG Software's Information Portal

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion.This issue affects Information Portal: before 13.06.2025.

Action-Not Available
Vendor-SMG Software
Product-Information Portal
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-49330
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 64.98%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:45
Updated-24 Oct, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Nice Backgrounds plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice Backgrounds: from n/a through 1.0.

Action-Not Available
Vendor-brx8rbrx8rbrx8r
Product-nice_backgroundsNice Backgroundsnice_backgrounds
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49242
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 64.98%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:39
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Digital Lottery plugin <= 3.0.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through 3.0.5.

Action-Not Available
Vendor-Shafiqshafiq
Product-Digital Lotterydigital_library
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-35949
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-13.31% / 93.90%
||
7 Day CHG~0.00%
Published-01 Jan, 2021 | 03:27
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checked during the upload, and thus the attacker could use text/plain for a .php file.

Action-Not Available
Vendor-expresstechn/a
Product-quiz_and_survey_mastern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-35489
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-90.11% / 99.57%
||
7 Day CHG~0.00%
Published-17 Dec, 2020 | 18:16
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.

Action-Not Available
Vendor-rocklobstern/a
Product-contact_form_7n/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-43243
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.25% / 47.84%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 10:49
Updated-07 Jan, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JobBoard Job listing plugin <= 1.2.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGlow JobBoard Job listing allows Upload a Web Shell to a Web Server.This issue affects JobBoard Job listing: from n/a through 1.2.6.

Action-Not Available
Vendor-ThemeGlow
Product-JobBoard Job listing
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-43160
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-70.16% / 98.61%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 11:41
Updated-13 Aug, 2024 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BerqWP plugin <= 1.7.6 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP: from n/a through 1.7.6.

Action-Not Available
Vendor-BerqWPberqier
Product-BerqWPberqwp
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-25213
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-94.42% / 99.98%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 00:00
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.

Action-Not Available
Vendor-webdesi9n/aWordPress.org
Product-file_managern/aFile Manager Plugin
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-32660
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.08% / 24.86%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JS Job Manager plugin <= 2.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2.

Action-Not Available
Vendor-JoomSky
Product-JS Job Manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-24186
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-93.54% / 99.82%
||
7 Day CHG~0.00%
Published-24 Aug, 2020 | 13:02
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.

Action-Not Available
Vendor-gvectorsn/a
Product-wpdiscuzn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-1519
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-0.22% / 44.62%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 15:00
Updated-16 Apr, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.

Action-Not Available
Vendor-illuminaIllumina
Product-nextseq_550dxmiseqiseq_100nextseq_500miniseqnextseq_550miseq_dxlocal_run_managerNextSeq 550DxNextSeq 550 InstrumentiSeq 100 InstrumentMiSeq InstrumentNextSeq 500 InstrumentMiniSeq InstrumentMiSeq Dx
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-35746
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.56% / 67.13%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 16:34
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through 2.1.4.2.

Action-Not Available
Vendor-buddypress_cover_projectAsghar HatampoorWordPress.org
Product-buddypress_coverBuddyPress Coverbuddypress_cover
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-42645
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-6.88% / 91.00%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 11:14
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host.

Action-Not Available
Vendor-cmsimple-xhn/a
Product-cmsimple_xhn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-34990
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.29% / 52.08%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 00:00
Updated-02 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods `HelpdeskHelpdeskModuleFrontController::submitTicket()` and `HelpdeskHelpdeskModuleFrontController::replyTicket()` allow upload of .php files on a predictable path for connected customers.

Action-Not Available
Vendor-n/aPrestaShop S.A
Product-n/ahelpdesk
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-26927
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.08% / 24.86%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 21:53
Updated-16 Apr, 2025 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Hub plugin <= 1.3.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in EPC AI Hub allows Upload a Web Shell to a Web Server. This issue affects AI Hub: from n/a through 1.3.3.

Action-Not Available
Vendor-EPC
Product-AI Hub
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-32809
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-1.17% / 77.81%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 09:39
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through 0.2.41.

Action-Not Available
Vendor-JumpDEMAND Inc.jumpdemand
Product-ActiveDEMANDactivedemand
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-31351
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-47.15% / 97.60%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 06:15
Updated-18 Apr, 2025 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Copymatic plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6.

Action-Not Available
Vendor-copymaticCopymaticcopymatic
Product-copymaticCopymatic – AI Content Writer & Generatorcopymatic
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-31377
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-1.85% / 82.28%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 09:06
Updated-02 Aug, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Photo Album Plus plugin <= 8.7.01.001 - Unauth. Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.7.01.001.

Action-Not Available
Vendor-J.N. Breetvelt a.k.a. OpaJaapopajaap
Product-WP Photo Album Pluswp_photo_album_plus
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-43936
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-28.67% / 96.36%
||
7 Day CHG~0.00%
Published-06 Dec, 2021 | 17:39
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Distributed Data Systems WebHM

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.

Action-Not Available
Vendor-webhmiDistributed Data Systems
Product-webhmi_firmwarewebhmiWebHMI
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-30510
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.91% / 74.87%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 13:36
Updated-27 Feb, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Salon booking system plugin <= 9.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 9.5.

Action-Not Available
Vendor-salonbookingsystemSalon Booking Systemsalonbookingsystem
Product-salon_booking_systemSalon booking systemsalon_booking_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-27957
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.51% / 65.56%
||
7 Day CHG~0.00%
Published-17 Mar, 2024 | 16:21
Updated-08 Aug, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pie Register plugin <= 3.8.3.1 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.This issue affects Pie Register: from n/a through 3.8.3.1.

Action-Not Available
Vendor-Pie Registergenetechsolutions
Product-Pie Registerpie_register
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-38397
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-0.12% / 31.56%
||
7 Day CHG+0.01%
Published-28 Oct, 2022 | 01:21
Updated-16 Apr, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.

Action-Not Available
Vendor-Honeywell International Inc.
Product-c200eapplication_control_environment_firmwarec300_firmwarec200e_firmwarec300c200_firmwareapplication_control_environmentc200Experion PKS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-0643
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-10||CRITICAL
EPSS-0.44% / 62.10%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 13:44
Updated-02 Jun, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted upload of dangerous file types in C21 Live Encoder and Live Mosaic

Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise.

Action-Not Available
Vendor-cires21Cires21
Product-live_encoderC21 Live Encoder and Live Mosaic
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-6723
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-10||CRITICAL
EPSS-0.04% / 12.18%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 10:10
Updated-22 May, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted Upload of File with Dangerous Type in Repox

An unrestricted file upload vulnerability has been identified in Repbox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file type validation controls, resulting in a full system compromise.

Action-Not Available
Vendor-europeanaRepox
Product-repoxRepox
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-51473
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.66% / 70.05%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 13:12
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TerraClassifieds Plugin <= 2.0.3 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin.This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3.

Action-Not Available
Vendor-pixelemuPixelemu
Product-terraclassifiedsTerraClassifieds – Simple Classifieds Plugin
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-49815
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.66% / 70.05%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 05:31
Updated-06 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WappPress plugin <= 5.0.3 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3.

Action-Not Available
Vendor-WappPress Teamwapppressteam
Product-WappPresswapppress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49668
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-61.80% / 98.27%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:36
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Verbalize WP plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Admin Verbalize WP Upload a Web Shell to a Web Server.This issue affects Verbalize WP: from n/a through 1.0.

Action-Not Available
Vendor-Adminadmin
Product-Verbalize WPverbalize
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50523
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.39% / 59.30%
||
7 Day CHG+0.03%
Published-04 Nov, 2024 | 13:46
Updated-06 Nov, 2024 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress All Post Contact Form plugin <= 1.7.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in RainbowLink Inc. All Post Contact Form allows Upload a Web Shell to a Web Server.This issue affects All Post Contact Form: from n/a through 1.7.3.

Action-Not Available
Vendor-rainbow-linkRainbowLink Inc.rainbowlink
Product-all_post_contact_formAll Post Contact Formall_post_contact_form
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49610
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.46% / 63.12%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:38
Updated-24 Oct, 2024 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress photokit plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Jack Zhu allows Upload a Web Shell to a Web Server.This issue affects photokit: from n/a through 1.0.

Action-Not Available
Vendor-jackzhuJack Zhujack_zhu
Product-photokitphotokitphotokit
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49291
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 64.98%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 17:20
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cooked Pro plugin < 1.8.0 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0.

Action-Not Available
Vendor-Gora Tech LLCboxystudio
Product-Cooked Procooked
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found