Vulnerabilities (CVE)

Filtered by CWE-434
Total 2646 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-50473 2024-10-29 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through 3.1.3.
CVE-2024-10420 1 Nurhodelta17 1 Attendance And Payroll System 2024-10-29 6.5 MEDIUM 9.8 CRITICAL
A vulnerability classified as critical has been found in SourceCodester Attendance and Payroll System 1.0. This affects the function upload of the file /marimar/guest/update.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-45263 2024-10-28 N/A 8.8 HIGH
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control.
CVE-2024-9932 2024-10-28 N/A 9.8 CRITICAL
The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2024-49652 2024-10-25 N/A 9.9 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in ReneeCussack 3D Work In Progress allows Upload a Web Shell to a Web Server.This issue affects 3D Work In Progress: from n/a through 1.0.3.
CVE-2024-49658 2024-10-25 N/A 9.9 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Ecomerciar Woocommerce Custom Profile Picture allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Custom Profile Picture: from n/a through 1.0.
CVE-2024-49653 2024-10-25 N/A 9.9 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in James Eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server.This issue affects Portfolleo: from n/a through 1.2.
CVE-2024-49669 2024-10-25 N/A 9.9 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official allows Upload a Web Shell to a Web Server.This issue affects INK Official: from n/a through 4.1.2.
CVE-2024-49671 2024-10-25 N/A 9.9 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator for Your Content & Featured Images – AI Postpix allows Upload a Web Shell to a Web Server.This issue affects AI Image Generator for Your Content & Featured Images – AI Postpix: from n/a through 1.1.8.
CVE-2024-49676 2024-10-25 N/A 6.6 MEDIUM
Unrestricted Upload of File with Dangerous Type vulnerability in Michael Bourne Custom Icons for Elementor allows Upload a Web Shell to a Web Server.This issue affects Custom Icons for Elementor: from n/a through 0.3.3.
CVE-2024-49668 2024-10-25 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Admin Verbalize WP Upload a Web Shell to a Web Server.This issue affects Verbalize WP: from n/a through 1.0.
CVE-2024-48454 2024-10-25 N/A 7.2 HIGH
An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component
CVE-2024-49326 1 Vasiliskerasiotis 1 Affiliator 2024-10-24 N/A 9.8 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Vasilis Kerasiotis Affiliator allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through 2.1.3.
CVE-2024-49324 1 Sovratec 1 Sovratec Case Management 2024-10-24 N/A 9.8 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Sovratec Sovratec Case Management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through 1.0.0.
CVE-2024-49327 1 Asepbagjapriandana 1 Woostagram Connect 2024-10-24 N/A 9.8 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Asep Bagja Priandana Woostagram Connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through 1.0.2.
CVE-2024-49329 1 Vivektamrakar 1 Wp Rest Api Fns 2024-10-24 N/A 9.8 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Vivek Tamrakar WP REST API FNS allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through 1.0.0.
CVE-2024-49330 1 Brx8r 1 Nice Backgrounds 2024-10-24 N/A 9.8 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice Backgrounds: from n/a through 1.0.
CVE-2024-49331 1 Myriadsolutionz 1 Property Lot Management System 2024-10-24 N/A 8.8 HIGH
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System allows Upload a Web Shell to a Web Server.This issue affects Property Lot Management System: from n/a through 4.2.38.
CVE-2024-49607 1 Redwanhilali 1 Wp Dropbox Dropins 2024-10-24 N/A 9.8 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through 1.0.
CVE-2024-49610 1 Jackzhu 1 Photokit 2024-10-24 N/A 9.8 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Jack Zhu allows Upload a Web Shell to a Web Server.This issue affects photokit: from n/a through 1.0.