Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-49257

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-16 Oct, 2024 | 12:56
Updated At-16 Oct, 2024 | 14:29
Rejected At-
Credits

WordPress Azz Anonim Posting plugin <= 0.9 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through 0.9.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:16 Oct, 2024 | 12:56
Updated At:16 Oct, 2024 | 14:29
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Azz Anonim Posting plugin <= 0.9 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through 0.9.

Affected Products
Vendor
Denis
Product
Azz Anonim Posting
Collection URL
https://wordpress.org/plugins
Package Name
azz-anonim-posting
Default Status
unaffected
Versions
Affected
  • From n/a through 0.9 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload of File with Dangerous Type
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-650CAPEC-650 Upload a Web Shell to a Web Server
CAPEC ID: CAPEC-650
Description: CAPEC-650 Upload a Web Shell to a Web Server
Solutions
Configurations
Workarounds
Exploits
Credits
finder
stealthcopter (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/azz-anonim-posting/wordpress-azz-anonim-posting-plugin-0-9-arbitrary-file-upload-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/azz-anonim-posting/wordpress-azz-anonim-posting-plugin-0-9-arbitrary-file-upload-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
denis
Product
azz_anonim_posting
CPEs
  • cpe:2.3:a:denis:azz_anonim_posting:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 0.9 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:16 Oct, 2024 | 13:15
Updated At:16 Oct, 2024 | 16:38

Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through 0.9.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-434Secondaryaudit@patchstack.com
CWE ID: CWE-434
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/azz-anonim-posting/wordpress-azz-anonim-posting-plugin-0-9-arbitrary-file-upload-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/azz-anonim-posting/wordpress-azz-anonim-posting-plugin-0-9-arbitrary-file-upload-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

120Records found
CVE-2022-47190
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-10||CRITICAL
EPSS-0.72% / 71.63%
||
7 Day CHG~0.00%
Published-31 Mar, 2023 | 00:00
Updated-11 Feb, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RCE via file upload vulnerability in Generex CS141

Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.

Action-Not Available
Vendor-generexGenerex
Product-cs141_firmwarecs141UPS CS141
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-47893
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-10||CRITICAL
EPSS-1.72% / 81.64%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 11:28
Updated-23 Sep, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NetMan 204 Remote Code Execution

There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root.

Action-Not Available
Vendor-riello-upsRiello UPSriello-ups
Product-netman_204_firmwarenetman_204Netman-204netman_204_firmware
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-25913
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.77% / 72.56%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 15:15
Updated-08 May, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MoveTo Plugin <= 6.2 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.

Action-Not Available
Vendor-skymoonlabsSkymoonlabsskymoonlabs
Product-movetoMoveTomoveto
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-46839
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.31% / 53.89%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 10:44
Updated-17 Apr, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.1 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.

Action-Not Available
Vendor-wiselyhubJS Help Desk
Product-js_help_deskJS Help Desk – Best Help Desk & Support Plugin
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-49444
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 20.03%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-26 Jun, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Reformer for Elementor <= 1.0.5 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor allows Upload a Web Shell to a Web Server. This issue affects Reformer for Elementor: from n/a through 1.0.5.

Action-Not Available
Vendor-merkulove
Product-Reformer for Elementor
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-35949
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-13.31% / 93.90%
||
7 Day CHG~0.00%
Published-01 Jan, 2021 | 03:27
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checked during the upload, and thus the attacker could use text/plain for a .php file.

Action-Not Available
Vendor-expresstechn/a
Product-quiz_and_survey_mastern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-49447
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 20.03%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-17 Jun, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FW Food Menu <= 6.0.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0.

Action-Not Available
Vendor-Fastw3b LLC
Product-FW Food Menu
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-49414
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 19.22%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 11:17
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FW Gallery <= 8.0.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery allows Using Malicious Files. This issue affects FW Gallery: from n/a through 8.0.0.

Action-Not Available
Vendor-Fastw3b LLC
Product-FW Gallery
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-49885
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 19.22%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 11:52
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin <= 5.0.6 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop Multiple File Upload (Pro) - WooCommerce: from n/a through 5.0.6.

Action-Not Available
Vendor-HaruTheme
Product-Drag and Drop Multiple File Upload (Pro) - WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-49071
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 20.03%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-17 Jun, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Flozen < 1.5.1 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen allows Upload a Web Shell to a Web Server. This issue affects Flozen: from n/a through n/a.

Action-Not Available
Vendor-NasaTheme
Product-Flozen
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-47687
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 20.03%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-27 May, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress StoreKeeper for WooCommerce <= 14.4.4 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4.

Action-Not Available
Vendor-StoreKeeper B.V.
Product-StoreKeeper for WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-47642
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 20.03%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ajar in5 Embed <= 3.1.5 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to a Web Server. This issue affects Ajar in5 Embed: from n/a through 3.1.5.

Action-Not Available
Vendor-Ajar Productions
Product-Ajar in5 Embed
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-48148
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 17.40%
||
7 Day CHG+0.01%
Published-20 Aug, 2025 | 08:03
Updated-20 Aug, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress StoreKeeper for WooCommerce Plugin <= 14.4.4 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Using Malicious Files. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4.

Action-Not Available
Vendor-StoreKeeper B.V.
Product-StoreKeeper for WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-47637
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 20.03%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress STAGGS <= 2.11.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS allows Upload a Web Shell to a Web Server. This issue affects STAGGS: from n/a through 2.11.0.

Action-Not Available
Vendor-STAGGS
Product-STAGGS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-47641
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 20.03%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Printcart Web to Print Product Designer for WooCommerce <= 2.3.8 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through 2.3.8.

Action-Not Available
Vendor-printcart
Product-Printcart Web to Print Product Designer for WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-40981
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.22%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 21:31
Updated-17 Sep, 2024 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ETIC Telecom Remote Access Server Unrestricted Upload of File with Dangerous Type

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.

Action-Not Available
Vendor-etictelecomETIC Telecom
Product-ras-c-100-lwrfm-eras-ecw-220-lwras-ec-400-lwras-e-220ras-ew-100ras-ew-400ras-e-100ras-e-400ras-ew-220remote_access_server_firmwareras-ecw-400-lwras-ec-220-lwras-ec-480-lwRemote Access Server (RAS)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-39401
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 20.03%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 19:26
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through 44.0 (17-08-2023).

Action-Not Available
Vendor-mojoomla
Product-WPAMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52374
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.46%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:10
Updated-15 Nov, 2024 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Do That Task plugin <= 1.5.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task allows Upload a Web Shell to a Web Server.This issue affects Do That Task: from n/a through 1.5.5.

Action-Not Available
Vendor-DoThatTaskdothattask
Product-Do That Taskdo_that_task
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-47577
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.05% / 14.66%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 18:15
Updated-05 Jun, 2025 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TI WooCommerce Wishlist < 2.10.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a before 2.10.0.

Action-Not Available
Vendor-TemplateInvaders
Product-TI WooCommerce Wishlist
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52375
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-56.72% / 98.03%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:09
Updated-15 Nov, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Datasets Manager by Arttia Creative plugin <= 1.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative.This issue affects Datasets Manager by Arttia Creative: from n/a through 1.5.

Action-Not Available
Vendor-Arttia Creativearttia_creative
Product-Datasets Manager by Arttia Creativedatasets_manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52376
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.46%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:08
Updated-15 Nov, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Boat Rental Plugin for WordPress plugin <= 1.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress allows Upload a Web Shell to a Web Server.This issue affects Boat Rental Plugin for WordPress: from n/a through 1.0.1.

Action-Not Available
Vendor-cmsMindscmsminds
Product-Boat Rental Plugin for WordPressboat_rental_plugin_for_wordpress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-39380
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 20.03%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 19:36
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server.This issue affects Hospital Management System: from n/a through 47.0(20-11-2023).

Action-Not Available
Vendor-mojoomla
Product-Hospital Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52373
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.46%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:11
Updated-15 Nov, 2024 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Devexhub Gallery plugin <= 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Team Devexhub Devexhub Gallery allows Upload a Web Shell to a Web Server.This issue affects Devexhub Gallery: from n/a through 2.0.1.

Action-Not Available
Vendor-Team Devexhubteam_devexhub
Product-Devexhub Gallerydevexhub_gallery
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-0643
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-10||CRITICAL
EPSS-0.44% / 62.10%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 13:44
Updated-02 Jun, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted upload of dangerous file types in C21 Live Encoder and Live Mosaic

Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise.

Action-Not Available
Vendor-cires21Cires21
Product-live_encoderC21 Live Encoder and Live Mosaic
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-0916
Matching Score-4
Assigner-Pentraze Cybersecurity
ShareView Details
Matching Score-4
Assigner-Pentraze Cybersecurity
CVSS Score-10||CRITICAL
EPSS-2.08% / 83.27%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 23:02
Updated-06 Aug, 2024 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Remote Code Execution in UvDesk Community

Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3.

Action-Not Available
Vendor-Webkul Software Pvt. Ltd.
Product-UvDesk Communityuvdesk
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-32660
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.08% / 24.86%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JS Job Manager plugin <= 2.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2.

Action-Not Available
Vendor-JoomSky
Product-JS Job Manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-32291
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 20.03%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 15:54
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SUMO Affiliates Pro <= 10.7.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro allows Using Malicious Files. This issue affects SUMO Affiliates Pro: from n/a through 10.7.0.

Action-Not Available
Vendor-FantasticPlugins
Product-SUMO Affiliates Pro
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51789
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.46%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 05:57
Updated-12 Nov, 2024 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Classify plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L Image Classify allows Upload a Web Shell to a Web Server.This issue affects Image Classify: from n/a through 1.0.0.

Action-Not Available
Vendor-UjW0Lujwol
Product-Image Classifyimage_classify
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-32510
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 20.03%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-30 Jul, 2025 | 06:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ovatheme Events Manager plugin <= 1.8.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Ovatheme Ovatheme Events Manager allows Using Malicious Files.This issue affects Ovatheme Events Manager: from n/a through 1.8.4.

Action-Not Available
Vendor-Ovatheme
Product-Ovatheme Events Manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-30933
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 19.22%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 11:18
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LogisticsHub <= 1.1.6 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub allows Upload a Web Shell to a Web Server. This issue affects LogisticsHub: from n/a through 1.1.6.

Action-Not Available
Vendor-LiquidThemes
Product-LogisticsHub
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-31324
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-10||CRITICAL
EPSS-30.21% / 96.51%
||
7 Day CHG-2.55%
Published-24 Apr, 2025 | 16:50
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-05-20||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Missing Authorization check in SAP NetWeaver (Visual Composer development server)

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

Action-Not Available
Vendor-SAP SE
Product-netweaverSAP NetWeaver (Visual Composer development server)NetWeaver
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-29009
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 19.22%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 11:28
Updated-16 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Medical Prescription Attachment Plugin for WooCommerce: from n/a through 1.2.3.

Action-Not Available
Vendor-Webkul Software Pvt. Ltd.
Product-Medical Prescription Attachment Plugin for WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-26927
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.08% / 24.86%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 21:53
Updated-16 Apr, 2025 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Hub plugin <= 1.3.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in EPC AI Hub allows Upload a Web Shell to a Web Server. This issue affects AI Hub: from n/a through 1.3.3.

Action-Not Available
Vendor-EPC
Product-AI Hub
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-26776
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.10% / 28.35%
||
7 Day CHG~0.00%
Published-22 Feb, 2025 | 15:52
Updated-24 Feb, 2025 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chaty Pro Plugin <= 3.3.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3.

Action-Not Available
Vendor-NotFound
Product-Chaty Pro
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-23953
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.11% / 30.58%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-22 Jan, 2025 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress user files plugin <= 2.4.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Innovative Solutions user files allows Upload a Web Shell to a Web Server. This issue affects user files: from n/a through 2.4.2.

Action-Not Available
Vendor-Innovative Solutions
Product-user files
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-22654
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-2.93% / 85.87%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 19:54
Updated-18 Feb, 2025 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simplified Plugin Plugin <= 1.0.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in kodeshpa Simplified allows Using Malicious Files. This issue affects Simplified: from n/a through 1.0.6.

Action-Not Available
Vendor-kodeshpa
Product-Simplified
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-25213
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-94.42% / 99.98%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 00:00
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.

Action-Not Available
Vendor-webdesi9n/aWordPress.org
Product-file_managern/aFile Manager Plugin
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-24186
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-93.54% / 99.82%
||
7 Day CHG~0.00%
Published-24 Aug, 2020 | 13:02
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.

Action-Not Available
Vendor-gvectorsn/a
Product-wpdiscuzn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-51475
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.66% / 70.05%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 13:09
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP MLM Unilevel Plugin <= 4.0 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN.This issue affects WP MLM SOFTWARE PLUGIN: from n/a through 4.0.

Action-Not Available
Vendor-wpmlmsoftwareIOSS
Product-wp_mlm_unilevelWP MLM SOFTWARE PLUGIN
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-22504
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.13% / 32.78%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 15:39
Updated-10 Jan, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 4ECPS Web Forms Plugin <= 0.2.18 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms allows Upload a Web Shell to a Web Server.This issue affects 4ECPS Web Forms: from n/a through 0.2.18.

Action-Not Available
Vendor-jumpdemand
Product-4ECPS Web Forms
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-35489
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-90.11% / 99.57%
||
7 Day CHG~0.00%
Published-17 Dec, 2020 | 18:16
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.

Action-Not Available
Vendor-rocklobstern/a
Product-contact_form_7n/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-9985
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-10||CRITICAL
EPSS-0.48% / 63.98%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 08:20
Updated-16 Oct, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ragic Enterprise Cloud Database - Arbitrary File Upload

Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server.

Action-Not Available
Vendor-Ragic Corporation
Product-enterprise_cloud_databaseEnterprise Cloud Databaseenterprise_cloud_database
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-8615
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-10||CRITICAL
EPSS-12.59% / 93.69%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 08:29
Updated-08 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP JobSearch <= 2.6.7 - Unauthenticated Arbitrary File Upload

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-eyecixhttps://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856eyecix
Product-jobsearch_wp_job_boardJobSearch WP Job Boardjobsearch_wp_job_board
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-1519
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-0.22% / 44.62%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 15:00
Updated-16 Apr, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.

Action-Not Available
Vendor-illuminaIllumina
Product-nextseq_550dxmiseqiseq_100nextseq_500miniseqnextseq_550miseq_dxlocal_run_managerNextSeq 550DxNextSeq 550 InstrumentiSeq 100 InstrumentMiSeq InstrumentNextSeq 500 InstrumentMiniSeq InstrumentMiSeq Dx
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-8940
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-10||CRITICAL
EPSS-0.24% / 46.41%
||
7 Day CHG~0.00%
Published-24 Sep, 2024 | 11:48
Updated-01 Oct, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted Upload of File with Dangerous Type vulnerability on Scriptcase

Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the server due to the application not properly verifying user input.

Action-Not Available
Vendor-scriptcaseScriptcasescriptcase
Product-scriptcaseScriptcasescriptcase
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-7268
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-3.49% / 87.12%
||
7 Day CHG~0.00%
Published-02 Jul, 2019 | 16:43
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linear eMerge 50P/5000P devices allow Unauthenticated File Upload.

Action-Not Available
Vendor-nortekcontroln/a
Product-linear_emerge_50p_firmwarelinear_emerge_50plinear_emerge_5000p_firmwarelinear_emerge_5000pn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-7257
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-38.19% / 97.12%
||
7 Day CHG~0.00%
Published-02 Jul, 2019 | 18:16
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linear eMerge E3-Series devices allow Unrestricted File Upload.

Action-Not Available
Vendor-nortekcontroln/a
Product-linear_emerge_essential_firmwarelinear_emerge_elitelinear_emerge_elite_firmwarelinear_emerge_essentialn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56829
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.10% / 27.41%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 00:00
Updated-06 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56046
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.25% / 47.84%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 12:53
Updated-31 Dec, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through 1.9.9.

Action-Not Available
Vendor-VibeThemes
Product-WPLMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52372
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.46%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:12
Updated-15 Nov, 2024 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy CSV Importer plugin <= 7.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA allows Upload a Web Shell to a Web Server.This issue affects Easy CSV Importer BETA: from n/a through 7.0.0.

Action-Not Available
Vendor-WebTechGlobalwebtechglobal
Product-Easy CSV Importer BETAeasy_csv_importer_beta
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found