Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-27881

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-07 Jun, 2023 | 21:48
Updated At-06 Jan, 2025 | 19:57
Rejected At-
Credits

PTC Vuforia Studio Unrestricted Upload of File with Dangerous Type

A user could use the “Upload Resource” functionality to upload files to any location on the disk.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:07 Jun, 2023 | 21:48
Updated At:06 Jan, 2025 | 19:57
Rejected At:
▼CVE Numbering Authority (CNA)
PTC Vuforia Studio Unrestricted Upload of File with Dangerous Type

A user could use the “Upload Resource” functionality to upload files to any location on the disk.

Affected Products
Vendor
PTC
Product
Vuforia Studio
Default Status
unaffected
Versions
Affected
  • From 0 before 9.9 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434: Unrestricted Upload of File with Dangerous Type
Type: CWE
CWE ID: CWE-434
Description: CWE-434: Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
3.18.0HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

PTC recommends users upgrade to Vuforia Studio release 9.9 https://support.ptc.com/help/vuforia/studio/en/ or higher.

Configurations
Workarounds
Exploits
Credits
finder
Lockheed Martin—Red Team reported these vulnerabilities to PTC.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13
N/A
Hyperlink: https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13
x_transferred
Hyperlink: https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:07 Jun, 2023 | 22:15
Updated At:16 Jun, 2023 | 13:37

A user could use the “Upload Resource” functionality to upload files to any location on the disk.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.9CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Secondary3.18.0HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.9
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CPE Matches
ptc
ptc
>>vuforia_studio>>Versions before 9.9(exclusive)
cpe:2.3:a:ptc:vuforia_studio:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Primaryics-cert@hq.dhs.gov
CWE ID: CWE-434
Type: Primary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13ics-cert@hq.dhs.gov
Broken Link
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13nvd@nist.gov
Third Party Advisory
US Government Resource
Hyperlink: https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13
Source: ics-cert@hq.dhs.gov
Resource:
Broken Link
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13
Source: nvd@nist.gov
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

142Records found
CVE-2024-8614
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.9||CRITICAL
EPSS-12.82% / 93.86%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 08:29
Updated-08 Nov, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP JobSearch <= 2.6.7 - Authenticated (Subscriber+) Arbitrary File Upload

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-eyecixhttps://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856eyecix
Product-jobsearch_wp_job_boardJobSearch WP Job Boardjobsearch_wp_job_board
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-8463
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.9||CRITICAL
EPSS-0.10% / 28.74%
||
7 Day CHG~0.00%
Published-05 Sep, 2024 | 12:49
Updated-12 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File upload restriction bypass vulnerability in Job Portal

File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell.

Action-Not Available
Vendor-PHPGurukul LLP
Product-job_portalJob Portaljob_portal
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-5853
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.9||CRITICAL
EPSS-10.48% / 93.09%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 05:37
Updated-05 Dec, 2025 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Image Optimizer, Resizer and CDN – Sirv <= 7.2.6 - Authenticated (Contributor+) Arbitrary File Upload

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-sirvsirvsirv
Product-sirvImage Optimizer, Resizer and CDN – Sirvimage_optimizer\,_resizer_and_cdn
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-39424
Matching Score-4
Assigner-Bitdefender
ShareView Details
Matching Score-4
Assigner-Bitdefender
CVSS Score-9.9||CRITICAL
EPSS-0.41% / 60.81%
||
7 Day CHG~0.00%
Published-07 Sep, 2023 | 12:25
Updated-26 Sep, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in RDPngFileUpload.dll

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but can be paired with another vulnerability in the platform (CVE-2023-39420, which grants access to hardcoded credentials) to carry the attack without having assigned credentials. 

Action-Not Available
Vendor-resortdataResort Data Processing, Inc.
Product-internet_reservation_module_next_generationIRM Next Generation
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-57968
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-25.14% / 96.05%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 00:00
Updated-04 Nov, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-03-31||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.

Action-Not Available
Vendor-advantiveAdvantiveAdvantive
Product-veracoreVeraCoreVeraCore
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56050
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.58%
||
7 Day CHG-0.20%
Published-18 Dec, 2024 | 18:56
Updated-12 Dec, 2025 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.3.

Action-Not Available
Vendor-vibethemesVibeThemes
Product-wordpress_learning_management_systemWPLMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56052
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.58%
||
7 Day CHG-0.20%
Published-18 Dec, 2024 | 18:55
Updated-12 Dec, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPLMS plugin < 1.9.9.5.2 - Student+ Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.

Action-Not Available
Vendor-vibethemesVibeThemes
Product-wordpress_learning_management_systemWPLMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56057
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.58%
||
7 Day CHG-0.20%
Published-18 Dec, 2024 | 18:52
Updated-12 Dec, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.

Action-Not Available
Vendor-vibethemesVibeThemes
Product-wordpress_learning_management_systemWPLMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-54370
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.93% / 75.76%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:31
Updated-16 Dec, 2024 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Upload a Web Shell to a Web Server.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.0.

Action-Not Available
Vendor-SuitePlugins
Product-Video & Photo Gallery for Ultimate Member
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-54262
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-45.95% / 97.54%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:24
Updated-13 Dec, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Import Export For WooCommerce plugin <= 1.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Siddharth Nagar Import Export For WooCommerce allows Upload a Web Shell to a Web Server.This issue affects Import Export For WooCommerce: from n/a through 1.5.

Action-Not Available
Vendor-Siddharth Nagar
Product-Import Export For WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52384
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.58%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 17:35
Updated-15 Nov, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation plugin <= 2.4.9 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Sage AI Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation allows Upload a Web Shell to a Web Server.This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation: from n/a through 2.4.9.

Action-Not Available
Vendor-Sage AIsageai
Product-Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generationsage_ai
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52404
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.43% / 61.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 21:51
Updated-18 Nov, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CF7 Reply Manager plugin <= 1.2.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Bigfive CF7 Reply Manager.This issue affects CF7 Reply Manager: from n/a through 1.2.3.

Action-Not Available
Vendor-Bigfivebigfive
Product-CF7 Reply Managercontact_form_7
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52399
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.43% / 61.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 22:06
Updated-19 Nov, 2024 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Writer Helper plugin <= 3.1.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper allows Upload a Web Shell to a Web Server.This issue affects Writer Helper: from n/a through 3.1.6.

Action-Not Available
Vendor-Clarisse K.clarisse_k
Product-Writer Helperwriter_helper
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52369
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.58%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:16
Updated-15 Nov, 2024 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress KBucket plugin <= 4.1.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Optimal Access Inc. KBucket allows Upload a Web Shell to a Web Server.This issue affects KBucket: from n/a through 4.1.6.

Action-Not Available
Vendor-Optimal Access Inc.optimal_access
Product-KBucketkbucket
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52403
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.43% / 61.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 21:53
Updated-18 Nov, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Management plugin <= 1.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WPExperts User Management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through 1.1.

Action-Not Available
Vendor-WPExpertswpexperts
Product-User Managementuser_management
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52400
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.43% / 61.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 22:04
Updated-19 Nov, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallerio plugin <= 1.01 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio allows Upload a Web Shell to a Web Server.This issue affects Gallerio: from n/a through 1.01.

Action-Not Available
Vendor-Subhasis Lahasubhasis_laha
Product-Galleriogallerio
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52405
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.43% / 61.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 21:50
Updated-19 Nov, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress B-Banner Slider plugin <= 1.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Bikram Joshi B-Banner Slider allows Upload a Web Shell to a Web Server.This issue affects B-Banner Slider: from n/a through 1.1.

Action-Not Available
Vendor-Bikram Joshibikram_joshi
Product-B-Banner Sliderb-banner_slider
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52406
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.43% / 61.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 21:47
Updated-19 Nov, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CSV to html plugin <= 3.04 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Wibergs Web CSV to html allows Upload a Web Shell to a Web Server.This issue affects CSV to html: from n/a through 3.04.

Action-Not Available
Vendor-Wibergs Webwibergs_web
Product-CSV to htmlcvs_to_html
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-31090
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.31% / 54.09%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 15:45
Updated-05 Feb, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Unlimited Elements For Elementor plugin <= 1.5.60 - Unrestricted Zip Extraction vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to a Web Server.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.60.

Action-Not Available
Vendor-unlimited-elementsUnlimited Elementsunlimited-elements
Product-unlimited_elements_for_elementorUnlimited Elements For Elementor (Free Widgets, Addons, Templates)unlimited_elements_for_elementor_\(free_widgets\,_addons\,_templates\)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-31215
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.31% / 54.09%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 18:59
Updated-20 Nov, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dropshipping & Affiliation with Amazon Plugin <= 2.1.2 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon.This issue affects Dropshipping & Affiliation with Amazon: from n/a through 2.1.2.

Action-Not Available
Vendor-amadercodeAmaderCode Lab
Product-dropshipping_\&_affiliation_with_amazonDropshipping & Affiliation with Amazon
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52370
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.58%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:13
Updated-15 Nov, 2024 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hive Support – WordPress Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin <= 1.1.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support – WordPress Help Desk allows Upload a Web Shell to a Web Server.This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.1.

Action-Not Available
Vendor-Hive Supporthivesupport
Product-Hive Support – WordPress Help Deskhive_support
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-31231
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.06% / 19.30%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 18:56
Updated-14 Oct, 2024 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.65 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65.

Action-Not Available
Vendor-unlimited-elementsUnlimited Elements
Product-unlimited_elements_for_elementorUnlimited Elements For Elementor (Free Widgets, Addons, Templates)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52408
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.43% / 61.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 21:44
Updated-18 Nov, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Push Notifications for WordPress by PushAssist plugin <= 3.0.8 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Team PushAssist Push Notifications for WordPress by PushAssist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through 3.0.8.

Action-Not Available
Vendor-Team PushAssistpushassist
Product-Push Notifications for WordPress by PushAssistpush_notifications
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52429
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-34.73% / 96.91%
||
7 Day CHG+1.89%
Published-18 Nov, 2024 | 14:19
Updated-20 Nov, 2024 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Quick Setup plugin <= 2.0 - Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Anton Hoelstad WP Quick Setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through 2.0.

Action-Not Available
Vendor-antonhoelstadAnton Hoelstadanton_hoelstad
Product-wp_quick_setupWP Quick Setupwp_quick_setup
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-23280
Matching Score-4
Assigner-Eaton
ShareView Details
Matching Score-4
Assigner-Eaton
CVSS Score-8||HIGH
EPSS-0.12% / 31.59%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 18:04
Updated-16 Sep, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File upload

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s maps_srv.js allows an attacker to upload a malicious NodeJS file using uploadBackgroud action. An attacker can upload a malicious code or execute any command using a specially crafted packet to exploit the vulnerability.

Action-Not Available
Vendor-eatonEaton
Product-intelligent_power_managerintelligent_power_protectorintelligent_power_manager_virtual_applianceIntelligent Power manager (IPM)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50480
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.72% / 71.99%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 07:58
Updated-29 Oct, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO allows Upload a Web Shell to a Web Server.This issue affects Marketing Automation by AZEXO: from n/a through 1.27.80.

Action-Not Available
Vendor-azexoazexo
Product-Marketing Automation by AZEXOmarketing_automation_by_azexo
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51548
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-8.7||HIGH
EPSS-0.22% / 43.93%
||
7 Day CHG~0.00%
Published-05 Dec, 2024 | 12:52
Updated-05 Dec, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dangerous File Upload

Dangerous File Upload vulnerabilities allow upload of malicious scripts.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Action-Not Available
Vendor-ABB
Product-MATRIX SeriesNEXUS SeriesASPECT-Enterpriseaspect_enterprisenexus_seriesmatrix_series
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50529
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.58%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 13:41
Updated-06 Nov, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Training – Courses plugin <= 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Rudra Innnovative Software Training – Courses allows Upload a Web Shell to a Web Server.This issue affects Training – Courses: from n/a through 2.0.1.

Action-Not Available
Vendor-rudrainnovativeRudra Innnovative Softwarerudra_innovative_software
Product-training_-_coursesTraining – Coursestraining_courses
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52407
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.43% / 61.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 21:46
Updated-19 Nov, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BasePress Migration Tools plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in codeSavory BasePress Migration Tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from n/a through 1.0.0.

Action-Not Available
Vendor-codeSavorycodesavory
Product-BasePress Migration Toolsbasepress_migration_tools
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50511
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.58%
||
7 Day CHG~0.00%
Published-30 Oct, 2024 | 07:47
Updated-01 Nov, 2024 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP donimedia carousel plugin <= 1.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in David DONISA WP donimedia carousel allows Upload a Web Shell to a Web Server.This issue affects WP donimedia carousel: from n/a through 1.0.1.

Action-Not Available
Vendor-David DONISA
Product-WP donimedia carousel
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50530
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.58%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 13:40
Updated-06 Nov, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stars SMTP Mailer plugin <= 1.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer allows Upload a Web Shell to a Web Server.This issue affects Stars SMTP Mailer: from n/a through 1.7.

Action-Not Available
Vendor-myriadsolutionzMyriad Solutionzmyriad_solutionz
Product-stars_smtp_mailerStars SMTP Mailerstars_smtp_mailer
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-6965
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.9||CRITICAL
EPSS-0.30% / 52.88%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 17:06
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package.

Action-Not Available
Vendor-gehealthcaren/a
Product-carescape_central_station_mas700clinical_information_center_mp100dclinical_information_center_mp100d_firmwarecarescape_telemetry_server_mp100r_firmwarecarescape_b850_monitor_firmwarecarescape_telemetry_server_mp100rcarescape_central_station_mas700_firmwarecarescape_b450_monitorcarescape_b650_monitorapexpro_telemetry_server_firmwarecarescape_central_station_mai700_firmwarecarescape_central_station_mai700apexpro_telemetry_serverclinical_information_center_mp100rclinical_information_center_mp100r_firmwarecarescape_b450_monitor_firmwarecarescape_b650_monitor_firmwarecarescape_b850_monitorGE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-20
Improper Input Validation
CVE-2020-7055
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-2.07% / 83.61%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 17:02
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive.

Action-Not Available
Vendor-elementorn/a
Product-elementor_page_buildern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-25510
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.33% / 55.54%
||
7 Day CHG+0.02%
Published-03 Feb, 2026 | 21:17
Updated-10 Feb, 2026 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve Remote Code Execution (RCE) by leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server. This issue has been patched in version 0.28.5.0.

Action-Not Available
Vendor-ci4-cms-erpci4-cms-erp
Product-ci4msci4ms
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-35945
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-2.23% / 84.22%
||
7 Day CHG~0.00%
Published-01 Jan, 2021 | 03:28
Updated-04 Feb, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.

Action-Not Available
Vendor-elegantthemesn/a
Product-divi_builderextradivin/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49652
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.47% / 63.90%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:39
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in ReneeCussack 3D Work In Progress allows Upload a Web Shell to a Web Server.This issue affects 3D Work In Progress: from n/a through 1.0.3.

Action-Not Available
Vendor-ReneeCussackreneecussack
Product-3D Work In Progress3d_work_in_progress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49658
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.39% / 59.80%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:37
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woocommerce Custom Profile Picture plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Ecomerciar Woocommerce Custom Profile Picture allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Custom Profile Picture: from n/a through 1.0.

Action-Not Available
Vendor-Ecomerciarecomerciar
Product-Woocommerce Custom Profile Picturewoocommerce_custom_profile_picture
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-21877
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-16.06% / 94.63%
||
7 Day CHG+1.49%
Published-08 Jan, 2026 | 00:39
Updated-20 Jan, 2026 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
n8n is vulnerable to Remote Code Execution via Arbitrary File Write

n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted users, but upgrading to the latest version is recommended.

Action-Not Available
Vendor-n8nn8n-io
Product-n8nn8n
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-42925
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.9||CRITICAL
EPSS-0.71% / 71.82%
||
7 Day CHG~0.00%
Published-31 Oct, 2022 | 19:58
Updated-06 May, 2025 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted Upload of File with Dangerous Type in Forma LMS

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection.

Action-Not Available
Vendor-formalmsForma
Product-formalmsForma LMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49671
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.36% / 57.73%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:34
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Postpix plugin <= 1.1.8 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator for Your Content & Featured Images – AI Postpix allows Upload a Web Shell to a Web Server.This issue affects AI Image Generator for Your Content & Featured Images – AI Postpix: from n/a through 1.1.8.

Action-Not Available
Vendor-Dogu Pekgozpostpix
Product-AI Image Generator for Your Content & Featured Images – AI Postpixai_postpix
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50427
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-64.56% / 98.41%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 08:31
Updated-29 Oct, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic OÜ SurveyJS: Drag & Drop WordPress Form Builder.This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n/a through 1.9.136.

Action-Not Available
Vendor-Devsoft Baltic OÜdevsoft_baltic
Product-SurveyJS: Drag & Drop WordPress Form Buildersurveyjs
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49669
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.36% / 57.73%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:35
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress INK Official plugin <= 4.1.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official allows Upload a Web Shell to a Web Server.This issue affects INK Official: from n/a through 4.1.2.

Action-Not Available
Vendor-Alexander De Ridderalexander_de_ridder
Product-INK Officialink_official
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49653
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-52.78% / 97.87%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:38
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Portfolleo plugin <= 1.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in James Eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server.This issue affects Portfolleo: from n/a through 1.2.

Action-Not Available
Vendor-James Eggersjames_egger
Product-Portfolleoportfolleo
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-41681
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.9||CRITICAL
EPSS-0.71% / 71.82%
||
7 Day CHG~0.00%
Published-31 Oct, 2022 | 19:59
Updated-06 May, 2025 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Upload vulnerability in Forma LMS

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection.

Action-Not Available
Vendor-formalmsForma
Product-formalmsForma LMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49260
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.88% / 74.95%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:38
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7.

Action-Not Available
Vendor-Limblimb
Product-WordPress Gallery Plugin – Limb Image Gallerylimb_image_gallery
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-48035
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.72% / 71.99%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:05
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ACF Images Search And Insert plugin <= 1.1.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Takayuki Imanishi ACF Images Search And Insert allows Upload a Web Shell to a Web Server.This issue affects ACF Images Search And Insert: from n/a through 1.1.4.

Action-Not Available
Vendor-Takayuki Imanishitakayukiimanishi
Product-ACF Images Search And Insertacf_images_search_and_insert
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-41267
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-9.9||CRITICAL
EPSS-0.53% / 66.93%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 02:39
Updated-22 Apr, 2025 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrity, and availability of the application.

Action-Not Available
Vendor-SAP SE
Product-business_objects_business_intelligence_platformBusinessObjects Business Intelligence Platform
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-40200
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.85% / 74.49%
||
7 Day CHG~0.00%
Published-17 Nov, 2022 | 22:00
Updated-20 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wpForo Forum plugin <= 2.0.9 - Auth. Arbitrary File Upload vulnerability

Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.

Action-Not Available
Vendor-gvectorsgVectors Team
Product-wpforo_forumwpForo Forum (WordPress plugin)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49331
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.47% / 63.90%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:43
Updated-24 Oct, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Property Lot Management System plugin <= 4.2.38 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System allows Upload a Web Shell to a Web Server.This issue affects Property Lot Management System: from n/a through 4.2.38.

Action-Not Available
Vendor-myriadsolutionzMyriad Solutionzmyriad_solutionz
Product-property_lot_management_systemProperty Lot Management Systemproperty_lot_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-48027
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.93% / 75.77%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:07
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress External featured image from bing plugin <= 1.0.2 - Remote Code Execution (RCE) vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from bing allows Upload a Web Shell to a Web Server.This issue affects External featured image from bing: from n/a through 1.0.2.

Action-Not Available
Vendor-xaraartechxaraartech
Product-External featured image from bingexternal_featured_image_from_bing
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found