Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-52407

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-16 Nov, 2024 | 21:46
Updated At-19 Nov, 2024 | 14:46
Rejected At-
Credits

WordPress BasePress Migration Tools plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in codeSavory BasePress Migration Tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from n/a through 1.0.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:16 Nov, 2024 | 21:46
Updated At:19 Nov, 2024 | 14:46
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress BasePress Migration Tools plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in codeSavory BasePress Migration Tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from n/a through 1.0.0.

Affected Products
Vendor
codeSavory
Product
BasePress Migration Tools
Collection URL
https://wordpress.org/plugins
Package Name
basepress-migration-tools
Default Status
unaffected
Versions
Affected
  • From n/a through 1.0.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload of File with Dangerous Type
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
3.19.9CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.9
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-650CAPEC-650 Upload a Web Shell to a Web Server
CAPEC ID: CAPEC-650
Description: CAPEC-650 Upload a Web Shell to a Web Server
Solutions
Configurations
Workarounds
Exploits
Credits
finder
stealthcopter (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/basepress-migration-tools/wordpress-basepress-migration-tools-plugin-1-0-0-arbitrary-file-upload-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/basepress-migration-tools/wordpress-basepress-migration-tools-plugin-1-0-0-arbitrary-file-upload-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
codesavory
Product
basepress_migration_tools
CPEs
  • cpe:2.3:a:codesavory:basepress_migration_tools:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 1.0.0 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:16 Nov, 2024 | 22:15
Updated At:18 Nov, 2024 | 17:11

Unrestricted Upload of File with Dangerous Type vulnerability in codeSavory BasePress Migration Tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from n/a through 1.0.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.9CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.9
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-434Primaryaudit@patchstack.com
CWE ID: CWE-434
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/basepress-migration-tools/wordpress-basepress-migration-tools-plugin-1-0-0-arbitrary-file-upload-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/basepress-migration-tools/wordpress-basepress-migration-tools-plugin-1-0-0-arbitrary-file-upload-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

138Records found
CVE-2015-5951
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-3.07% / 86.44%
||
7 Day CHG~0.00%
Published-06 Jan, 2020 | 20:32
Updated-06 Aug, 2024 | 07:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.

Action-Not Available
Vendor-thomsonreutersn/a
Product-fatcan/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-0471
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.9||CRITICAL
EPSS-0.72% / 72.14%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 13:02
Updated-07 May, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted Upload of File with Dangerous Type vulnerability in PMB platform

Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain remote access to the machine, being able to access, modify and execute commands freely.

Action-Not Available
Vendor-sigbPMB Services
Product-pmbPMB platform
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-8614
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.9||CRITICAL
EPSS-12.82% / 93.86%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 08:29
Updated-08 Nov, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP JobSearch <= 2.6.7 - Authenticated (Subscriber+) Arbitrary File Upload

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-eyecixhttps://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856eyecix
Product-jobsearch_wp_job_boardJobSearch WP Job Boardjobsearch_wp_job_board
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-8463
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.9||CRITICAL
EPSS-0.10% / 28.74%
||
7 Day CHG~0.00%
Published-05 Sep, 2024 | 12:49
Updated-12 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File upload restriction bypass vulnerability in Job Portal

File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell.

Action-Not Available
Vendor-PHPGurukul LLP
Product-job_portalJob Portaljob_portal
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-57968
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-25.14% / 96.05%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 00:00
Updated-04 Nov, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-03-31||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.

Action-Not Available
Vendor-advantiveAdvantiveAdvantive
Product-veracoreVeraCoreVeraCore
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56057
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.58%
||
7 Day CHG-0.20%
Published-18 Dec, 2024 | 18:52
Updated-12 Dec, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.

Action-Not Available
Vendor-vibethemesVibeThemes
Product-wordpress_learning_management_systemWPLMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56050
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.58%
||
7 Day CHG-0.20%
Published-18 Dec, 2024 | 18:56
Updated-12 Dec, 2025 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.3.

Action-Not Available
Vendor-vibethemesVibeThemes
Product-wordpress_learning_management_systemWPLMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-54262
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-45.95% / 97.54%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:24
Updated-13 Dec, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Import Export For WooCommerce plugin <= 1.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Siddharth Nagar Import Export For WooCommerce allows Upload a Web Shell to a Web Server.This issue affects Import Export For WooCommerce: from n/a through 1.5.

Action-Not Available
Vendor-Siddharth Nagar
Product-Import Export For WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52369
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.58%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:16
Updated-15 Nov, 2024 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress KBucket plugin <= 4.1.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Optimal Access Inc. KBucket allows Upload a Web Shell to a Web Server.This issue affects KBucket: from n/a through 4.1.6.

Action-Not Available
Vendor-Optimal Access Inc.optimal_access
Product-KBucketkbucket
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52429
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-34.73% / 96.91%
||
7 Day CHG+1.89%
Published-18 Nov, 2024 | 14:19
Updated-20 Nov, 2024 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Quick Setup plugin <= 2.0 - Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Anton Hoelstad WP Quick Setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through 2.0.

Action-Not Available
Vendor-antonhoelstadAnton Hoelstadanton_hoelstad
Product-wp_quick_setupWP Quick Setupwp_quick_setup
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52399
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.43% / 61.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 22:06
Updated-19 Nov, 2024 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Writer Helper plugin <= 3.1.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper allows Upload a Web Shell to a Web Server.This issue affects Writer Helper: from n/a through 3.1.6.

Action-Not Available
Vendor-Clarisse K.clarisse_k
Product-Writer Helperwriter_helper
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52405
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.43% / 61.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 21:50
Updated-19 Nov, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress B-Banner Slider plugin <= 1.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Bikram Joshi B-Banner Slider allows Upload a Web Shell to a Web Server.This issue affects B-Banner Slider: from n/a through 1.1.

Action-Not Available
Vendor-Bikram Joshibikram_joshi
Product-B-Banner Sliderb-banner_slider
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52408
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.43% / 61.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 21:44
Updated-18 Nov, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Push Notifications for WordPress by PushAssist plugin <= 3.0.8 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Team PushAssist Push Notifications for WordPress by PushAssist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through 3.0.8.

Action-Not Available
Vendor-Team PushAssistpushassist
Product-Push Notifications for WordPress by PushAssistpush_notifications
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52384
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.58%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 17:35
Updated-15 Nov, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation plugin <= 2.4.9 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Sage AI Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation allows Upload a Web Shell to a Web Server.This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation: from n/a through 2.4.9.

Action-Not Available
Vendor-Sage AIsageai
Product-Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generationsage_ai
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50511
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.58%
||
7 Day CHG~0.00%
Published-30 Oct, 2024 | 07:47
Updated-01 Nov, 2024 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP donimedia carousel plugin <= 1.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in David DONISA WP donimedia carousel allows Upload a Web Shell to a Web Server.This issue affects WP donimedia carousel: from n/a through 1.0.1.

Action-Not Available
Vendor-David DONISA
Product-WP donimedia carousel
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-1644
Matching Score-4
Assigner-Fluid Attacks
ShareView Details
Matching Score-4
Assigner-Fluid Attacks
CVSS Score-9.9||CRITICAL
EPSS-0.24% / 46.68%
||
7 Day CHG~0.00%
Published-19 Feb, 2024 | 23:54
Updated-31 Dec, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Suite CRM v7.14.2 - RCE via Local File Inclusion

Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI.

Action-Not Available
Vendor-SuiteCRM Ltd.SalesAgility Ltd.
Product-suitecrmSuite CRM
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50480
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.72% / 71.99%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 07:58
Updated-29 Oct, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO allows Upload a Web Shell to a Web Server.This issue affects Marketing Automation by AZEXO: from n/a through 1.27.80.

Action-Not Available
Vendor-azexoazexo
Product-Marketing Automation by AZEXOmarketing_automation_by_azexo
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50530
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.58%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 13:40
Updated-06 Nov, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stars SMTP Mailer plugin <= 1.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer allows Upload a Web Shell to a Web Server.This issue affects Stars SMTP Mailer: from n/a through 1.7.

Action-Not Available
Vendor-myriadsolutionzMyriad Solutionzmyriad_solutionz
Product-stars_smtp_mailerStars SMTP Mailerstars_smtp_mailer
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51548
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-8.7||HIGH
EPSS-0.22% / 43.93%
||
7 Day CHG~0.00%
Published-05 Dec, 2024 | 12:52
Updated-05 Dec, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dangerous File Upload

Dangerous File Upload vulnerabilities allow upload of malicious scripts.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Action-Not Available
Vendor-ABB
Product-MATRIX SeriesNEXUS SeriesASPECT-Enterpriseaspect_enterprisenexus_seriesmatrix_series
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50529
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.58%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 13:41
Updated-06 Nov, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Training – Courses plugin <= 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Rudra Innnovative Software Training – Courses allows Upload a Web Shell to a Web Server.This issue affects Training – Courses: from n/a through 2.0.1.

Action-Not Available
Vendor-rudrainnovativeRudra Innnovative Softwarerudra_innovative_software
Product-training_-_coursesTraining – Coursestraining_courses
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49658
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.39% / 59.80%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:37
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woocommerce Custom Profile Picture plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Ecomerciar Woocommerce Custom Profile Picture allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Custom Profile Picture: from n/a through 1.0.

Action-Not Available
Vendor-Ecomerciarecomerciar
Product-Woocommerce Custom Profile Picturewoocommerce_custom_profile_picture
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49652
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.47% / 63.90%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:39
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in ReneeCussack 3D Work In Progress allows Upload a Web Shell to a Web Server.This issue affects 3D Work In Progress: from n/a through 1.0.3.

Action-Not Available
Vendor-ReneeCussackreneecussack
Product-3D Work In Progress3d_work_in_progress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-1112
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-1.37% / 79.92%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-11011
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.90% / 75.28%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 16:15
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RCE via file upload in Phproject

In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8.

Action-Not Available
Vendor-Phproject (Alan Hardman-Alanaktion)
Product-phprojectPhproject
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50427
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-64.56% / 98.41%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 08:31
Updated-29 Oct, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic OÜ SurveyJS: Drag & Drop WordPress Form Builder.This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n/a through 1.9.136.

Action-Not Available
Vendor-Devsoft Baltic OÜdevsoft_baltic
Product-SurveyJS: Drag & Drop WordPress Form Buildersurveyjs
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49669
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.36% / 57.73%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:35
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress INK Official plugin <= 4.1.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official allows Upload a Web Shell to a Web Server.This issue affects INK Official: from n/a through 4.1.2.

Action-Not Available
Vendor-Alexander De Ridderalexander_de_ridder
Product-INK Officialink_official
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10960
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.9||CRITICAL
EPSS-0.84% / 74.31%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 11:11
Updated-20 Feb, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Brizy – Page Builder <= 2.6.4 - Authenticated (Contributor+) Arbitrary File Upload via storeUploads

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-brizythemefusecom
Product-brizyBrizy – Page Builder
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-11082
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.9||CRITICAL
EPSS-14.83% / 94.36%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 09:47
Updated-29 Nov, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tumult Hype Animations <= 1.9.15 - Authenticated (Author+) Arbitrary File Upload via hypeanimations_panel Function

The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all versions up to, and including, 1.9.15. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-tumultinctumult
Product-Tumult Hype Animationstumult_hype_animations
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52404
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.43% / 61.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 21:51
Updated-18 Nov, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CF7 Reply Manager plugin <= 1.2.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Bigfive CF7 Reply Manager.This issue affects CF7 Reply Manager: from n/a through 1.2.3.

Action-Not Available
Vendor-Bigfivebigfive
Product-CF7 Reply Managercontact_form_7
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56052
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.58%
||
7 Day CHG-0.20%
Published-18 Dec, 2024 | 18:55
Updated-12 Dec, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPLMS plugin < 1.9.9.5.2 - Student+ Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.

Action-Not Available
Vendor-vibethemesVibeThemes
Product-wordpress_learning_management_systemWPLMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-9307
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.9||CRITICAL
EPSS-5.89% / 90.39%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 06:43
Updated-08 Nov, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mFolio Lite <= 1.2.1 - Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG Files

The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file or upload arbitrary EXE files on the affected site's server which may make remote code execution possible if the attacker can also gain access to run the .exe file, or trick a site visitor into downloading and running the .exe file.

Action-Not Available
Vendor-themelooksthemelooksthemelooks
Product-mfoliomFolio Litemfolio_lite
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-48035
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.72% / 71.99%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:05
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ACF Images Search And Insert plugin <= 1.1.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Takayuki Imanishi ACF Images Search And Insert allows Upload a Web Shell to a Web Server.This issue affects ACF Images Search And Insert: from n/a through 1.1.4.

Action-Not Available
Vendor-Takayuki Imanishitakayukiimanishi
Product-ACF Images Search And Insertacf_images_search_and_insert
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49331
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.47% / 63.90%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:43
Updated-24 Oct, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Property Lot Management System plugin <= 4.2.38 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System allows Upload a Web Shell to a Web Server.This issue affects Property Lot Management System: from n/a through 4.2.38.

Action-Not Available
Vendor-myriadsolutionzMyriad Solutionzmyriad_solutionz
Product-property_lot_management_systemProperty Lot Management Systemproperty_lot_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-54370
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.93% / 75.76%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:31
Updated-16 Dec, 2024 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Upload a Web Shell to a Web Server.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.0.

Action-Not Available
Vendor-SuitePlugins
Product-Video & Photo Gallery for Ultimate Member
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-48034
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.79% / 73.53%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:43
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Creates 3D Flipbook, PDF Flipbook plugin <= 1.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Fliperrr Team Creates 3D Flipbook, PDF Flipbook allows Upload a Web Shell to a Web Server.This issue affects Creates 3D Flipbook, PDF Flipbook: from n/a through 1.2.

Action-Not Available
Vendor-Fliperrr Teamfliperr_team
Product-Creates 3D Flipbook, PDF Flipbookcreates_3d_flipbook_pdf_flipbook
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49260
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.88% / 74.95%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:38
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7.

Action-Not Available
Vendor-Limblimb
Product-WordPress Gallery Plugin – Limb Image Gallerylimb_image_gallery
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-48027
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.93% / 75.77%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:07
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress External featured image from bing plugin <= 1.0.2 - Remote Code Execution (RCE) vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from bing allows Upload a Web Shell to a Web Server.This issue affects External featured image from bing: from n/a through 1.0.2.

Action-Not Available
Vendor-xaraartechxaraartech
Product-External featured image from bingexternal_featured_image_from_bing
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52403
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.43% / 61.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 21:53
Updated-18 Nov, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Management plugin <= 1.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WPExperts User Management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through 1.1.

Action-Not Available
Vendor-WPExpertswpexperts
Product-User Managementuser_management
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52400
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.43% / 61.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 22:04
Updated-19 Nov, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallerio plugin <= 1.01 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio allows Upload a Web Shell to a Web Server.This issue affects Gallerio: from n/a through 1.01.

Action-Not Available
Vendor-Subhasis Lahasubhasis_laha
Product-Galleriogallerio
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-46479
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.88% / 74.96%
||
7 Day CHG~0.00%
Published-13 Jan, 2025 | 00:00
Updated-07 Oct, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution.

Action-Not Available
Vendor-venkiVenki
Product-supravizio_bpmSupravizio BPM
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-3682
Matching Score-4
Assigner-Hitachi Energy
ShareView Details
Matching Score-4
Assigner-Hitachi Energy
CVSS Score-9.9||CRITICAL
EPSS-0.34% / 56.11%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 11:36
Updated-18 Feb, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SDM600 file permission validation

A vulnerability exists in the SDM600 file permission validation. An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-sdm600SDM600
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-45076
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.19% / 41.02%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 15:59
Updated-06 Sep, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM webMethods Integration code execution

IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.

Action-Not Available
Vendor-IBM Corporation
Product-webmethods_integrationwebMethods Integration
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-13774
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-5.17% / 89.68%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 19:22
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations on the uploaded image, which upon failure will leave the temporarily created files in an accessible location on the server.

Action-Not Available
Vendor-n/aIvanti Software
Product-endpoint_managern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-4306
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.9||CRITICAL
EPSS-0.17% / 38.29%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 11:56
Updated-01 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted Upload of File with Dangerous Type vulnerability in HubBank

Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution.

Action-Not Available
Vendor-Ofofonobsofofonobs
Product-HubBankhubbank
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-62016
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.06% / 19.75%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 15:55
Updated-20 Jan, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kallyas theme <= 4.22.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in hogash Kallyas kallyas.This issue affects Kallyas: from n/a through <= 4.22.0.

Action-Not Available
Vendor-hogash
Product-Kallyas
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-43249
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-1.88% / 82.82%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 17:19
Updated-06 Sep, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection.This issue affects Bit Form Pro: from n/a through 2.6.4.

Action-Not Available
Vendor-bitappsBit Appsbitapps
Product-bit_formBit Form Probit_form_pro
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-62056
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.02% / 4.00%
||
7 Day CHG-0.03%
Published-22 Jan, 2026 | 16:51
Updated-27 Jan, 2026 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress News Event theme <= 1.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes News Event news-event.This issue affects News Event: from n/a through <= 1.0.1.

Action-Not Available
Vendor-blazethemes
Product-News Event
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52370
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.58%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:13
Updated-15 Nov, 2024 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hive Support – WordPress Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin <= 1.1.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support – WordPress Help Desk allows Upload a Web Shell to a Web Server.This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.1.

Action-Not Available
Vendor-Hive Supporthivesupport
Product-Hive Support – WordPress Help Deskhive_support
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-13126
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-67.02% / 98.51%
||
7 Day CHG~0.00%
Published-17 May, 2020 | 00:38
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is unaffected.

Action-Not Available
Vendor-elementorn/a
Product-elementor_page_buildern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-25510
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.33% / 55.54%
||
7 Day CHG+0.02%
Published-03 Feb, 2026 | 21:17
Updated-10 Feb, 2026 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve Remote Code Execution (RCE) by leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server. This issue has been patched in version 0.28.5.0.

Action-Not Available
Vendor-ci4-cms-erpci4-cms-erp
Product-ci4msci4ms
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found