Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-52398

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-16 Nov, 2024 | 22:08
Updated At-19 Nov, 2024 | 15:21
Rejected At-
Credits

WordPress CDI plugin <= 5.5.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI.This issue affects CDI: from n/a through 5.5.3.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:16 Nov, 2024 | 22:08
Updated At:19 Nov, 2024 | 15:21
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress CDI plugin <= 5.5.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI.This issue affects CDI: from n/a through 5.5.3.

Affected Products
Vendor
Halyra
Product
CDI
Collection URL
https://wordpress.org/plugins
Package Name
collect-and-deliver-interface-for-woocommerce
Default Status
unaffected
Versions
Affected
  • From n/a through 5.5.3 (custom)
    • -> unaffectedfrom5.5.6
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload of File with Dangerous Type
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update to 5.5.6 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
Joshua Chan (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/collect-and-deliver-interface-for-woocommerce/wordpress-cdi-plugin-5-5-3-arbitrary-file-upload-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/collect-and-deliver-interface-for-woocommerce/wordpress-cdi-plugin-5-5-3-arbitrary-file-upload-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
halyra
Product
cdi
CPEs
  • cpe:2.3:a:halyra:cdi:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 5.5.3 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:16 Nov, 2024 | 22:15
Updated At:18 Nov, 2024 | 17:11

Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI.This issue affects CDI: from n/a through 5.5.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-434Primaryaudit@patchstack.com
CWE ID: CWE-434
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/collect-and-deliver-interface-for-woocommerce/wordpress-cdi-plugin-5-5-3-arbitrary-file-upload-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/collect-and-deliver-interface-for-woocommerce/wordpress-cdi-plugin-5-5-3-arbitrary-file-upload-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

75Records found
CVE-2024-56249
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-39.02% / 97.17%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:01
Updated-02 Jan, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPMasterToolKit plugin <= 1.13.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Webdeclic WPMasterToolKit allows Upload a Web Shell to a Web Server.This issue affects WPMasterToolKit: from n/a through 1.13.1.

Action-Not Available
Vendor-Webdeclic
Product-WPMasterToolKit
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-38736
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-0.70% / 71.11%
||
7 Day CHG+0.06%
Published-12 Jul, 2024 | 15:21
Updated-02 Aug, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Realtyna Organic IDX plugin <= 4.14.13 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.13.

Action-Not Available
Vendor-Realtynarealtyna
Product-Realtyna Organic IDX pluginrealtyna_organic_idx
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-37555
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-0.36% / 57.30%
||
7 Day CHG+0.02%
Published-09 Jul, 2024 | 07:21
Updated-02 Aug, 2024 | 03:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Generate PDF using Contact Form 7 plugin <= 4.0.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7.This issue affects Generate PDF using Contact Form 7: from n/a through 4.0.6.

Action-Not Available
Vendor-zealouswebZealousWebzealousweb
Product-generate_pdf_using_contact_form_7Generate PDF using Contact Form 7generate_pdf_using_contact_form_7
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-35767
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-0.30% / 52.55%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 16:00
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Squeeze plugin <= 1.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection.This issue affects Squeeze: from n/a through 1.4.

Action-Not Available
Vendor-squeeze_projectBogdan Bendziukovbogdan_bendziukov
Product-squeezeSqueezesqueeze
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-36415
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-4.39% / 88.56%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 19:49
Updated-02 Aug, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Action-Not Available
Vendor-SalesAgility Ltd.
Product-suitecrmSuiteCRMsuitecrm
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-34555
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-7.91% / 91.66%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 08:41
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Z-Downloads plugin <= 1.11.3 - Auth. Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads.This issue affects Z-Downloads: from n/a through 1.11.3.

Action-Not Available
Vendor-URBAN BASEurban_base
Product-Z-Downloadsz-downloads
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-34440
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-0.54% / 66.73%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 08:45
Updated-04 Apr, 2025 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Engine plugin <= 2.2.63 - Auth. Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.2.63.

Action-Not Available
Vendor-meowappsJordy Meow
Product-ai_engineAI Engine: ChatGPT Chatbot
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-34416
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-0.39% / 59.29%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 08:53
Updated-02 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pk Favicon Manager plugin <= 2.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager.This issue affects Pk Favicon Manager: from n/a through 2.1.

Action-Not Available
Vendor-
Product-Pk Favicon Manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-32954
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-0.16% / 37.46%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 10:37
Updated-02 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Newsletters plugin <= 4.9.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5.

Action-Not Available
Vendor-Tribulant
Product-Newsletters
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-32880
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.76% / 72.37%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 17:30
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pyLoad allows upload to arbitrary folder lead to RCE

pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication.

Action-Not Available
Vendor-pyloadpyload
Product-pyloadpyload
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-32836
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-0.29% / 51.90%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 07:23
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-Lister Lite for eBay plugin <= 3.5.11 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.11.

Action-Not Available
Vendor-WP Labwplab
Product-WP-Lister Lite for eBaywp-lister_lite_for_ebay
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-31345
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-1.04% / 76.52%
||
7 Day CHG+0.27%
Published-07 Apr, 2024 | 17:27
Updated-27 Aug, 2025 | 21:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Auto Poster plugin <= 1.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster.This issue affects Auto Poster: from n/a through 1.2.

Action-Not Available
Vendor-Sukhchain Singh
Product-Auto Poster
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-31114
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-48.66% / 97.67%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 18:07
Updated-09 Aug, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Shortcode Addons <= 3.2.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5.

Action-Not Available
Vendor-Biplob Adhikari (Oxilab Development)
Product-Shortcode Addonsshortcode_addons
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-30231
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-0.82% / 73.44%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 11:57
Updated-07 Aug, 2024 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Import Export for WooCommerce plugin <= 2.4.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1.

Action-Not Available
Vendor-WebToffeewebtoffee
Product-Product Import Export for WooCommerceproduct_import_export_for_woocommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-29100
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-0.12% / 31.83%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 05:10
Updated-08 Apr, 2025 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Engine plugin <= 2.1.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.

Action-Not Available
Vendor-Jordy Meowjordy_meow
Product-AI Engine: ChatGPT Chatbotai-engine_chatgpt_chatbot
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-2890
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-0.44% / 62.25%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 06:13
Updated-08 Apr, 2025 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tumult Hype Animations plugin <= 1.9.12 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12.

Action-Not Available
Vendor-Tumult Inc.tumult
Product-Tumult Hype Animationstumult_hype_animations
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56054
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-0.27% / 50.30%
||
7 Day CHG+0.04%
Published-18 Dec, 2024 | 18:53
Updated-18 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPLMS plugin < 1.9.9.5.2 - Instructor+ Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.

Action-Not Available
Vendor-VibeThemes
Product-WPLMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-27951
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-0.53% / 66.03%
||
7 Day CHG+0.14%
Published-03 Apr, 2024 | 11:53
Updated-07 Feb, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multiple Page Generator Plugin <= 3.4.0 - Auth. Remote Code Execution (RCE) vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows Upload a Web Shell to a Web Server.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0.

Action-Not Available
Vendor-ThemeisleThemeisle
Product-multiple_page_generatorMultiple Page Generator Plugin – MPGmultiple_page_generator
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-54285
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-0.27% / 50.30%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 15:50
Updated-16 Dec, 2024 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SeedProd Pro plugin <= 6.18.10 - Remote Code Execution (RCE) vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro allows Upload a Web Shell to a Web Server.This issue affects SeedProd Pro: from n/a through 6.18.10.

Action-Not Available
Vendor-SeedProd, LLC (SeedProd)
Product-SeedProd Pro
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-26503
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-2.16% / 83.61%
||
7 Day CHG~0.00%
Published-14 Mar, 2024 | 00:00
Updated-10 Jun, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.

Action-Not Available
Vendor-openeclassn/agunet
Product-openeclassn/aopen_eclass_platform
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-25846
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.15% / 36.23%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 00:00
Updated-30 Apr, 2025 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php.

Action-Not Available
Vendor-simpleimportproduct_projectn/amyprestamodules
Product-simpleimportproductn/asimpleimportproduct
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-36066
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.26% / 78.54%
||
7 Day CHG~0.00%
Published-29 Sep, 2022 | 19:35
Updated-23 Apr, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse vulnerable to RCE via admins uploading maliciously zipped file

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-36386
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-2.94% / 85.90%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 19:02
Updated-20 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability

Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.

Action-Not Available
Vendor-Soflyy
Product-wp_all_importImport any XML or CSV File to WordPress (WordPress plugin)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-5514
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.83% / 73.68%
||
7 Day CHG~0.00%
Published-06 Jan, 2020 | 18:43
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.

Action-Not Available
Vendor-gilacmsn/a
Product-gila_cmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-38734
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-0.90% / 74.78%
||
7 Day CHG+0.07%
Published-12 Jul, 2024 | 15:18
Updated-02 Aug, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Import Spreadsheets from Microsoft Excel plugin <= 10.1.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Code Injection.This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.4.

Action-Not Available
Vendor-SpreadsheetConverterspreadsheetconverter
Product-Import Spreadsheets from Microsoft Excelimport_spreadsheets
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • Next
Details not found