CWE-284: Improper Access Control

This vulnerability in DouPHP allows attackers to upload arbitrary files without restrictions via the /admin/file.php ZIP file handler by manipulating ...

This vulnerability allows remote attackers to upload arbitrary files to the Online Music Site 1.0 web application via the /Administrator/PHP/AdminAddA...

This vulnerability allows remote attackers to upload arbitrary files to the EFM ipTIME A8004T router via the VPN service component. Attackers can expl...

CVE-2026-1424 is an unrestricted file upload vulnerability in PHPGurukul News Portal 1.0's Profile Pic Handler component. This allows remote attackers...

This vulnerability in technical-laohu mpay up to version 1.2.4 allows remote attackers to upload arbitrary files via the QR Code Image Handler compone...

This vulnerability in BiggiDroid Simple PHP CMS 1.0 allows attackers to upload arbitrary files via the /admin/editsite.php endpoint due to insufficien...

This vulnerability allows remote attackers to upload arbitrary files to the code-projects CMS 1.0 system via the image parameter in the /admin/edit_po...

This vulnerability allows remote attackers to upload arbitrary files to newbee-mall-plus 2.0.0 through the product information edit page. Attackers ca...

BiggiDroid Simple PHP CMS 1.0 has an unrestricted file upload vulnerability in the Site Logo Handler component. Attackers can upload malicious files v...

This vulnerability allows remote attackers to upload arbitrary files to the Content Management System and News-Buzz 1.0 through the /admin/editposts.p...

This vulnerability allows remote attackers to upload arbitrary files to the jackq XCMS backend through the ProductImageController. Affected systems ar...

CVE-2025-14642 is an unrestricted file upload vulnerability in Computer Laboratory System 1.0 that allows remote attackers to upload malicious files v...

CVE-2025-14641 is an unrestricted file upload vulnerability in Computer Laboratory System 1.0's admin/admin_pic.php file. Attackers can remotely uploa...

This vulnerability in campcodes Online Student Enrollment System 1.0 allows attackers to upload arbitrary files via the userphoto parameter in the adm...

Campcodes Retro Basketball Shoes Online Store 1.0 has an unrestricted file upload vulnerability in the admin/admin_running.php file. Attackers can rem...

This vulnerability allows remote attackers to upload arbitrary files to the Online Bidding System 1.0 administrator interface via the catimage paramet...

This vulnerability allows remote attackers to upload arbitrary files to Campcodes Retro Basketball Shoes Online Store 1.0 via the product_image parame...

This vulnerability in Campcodes Retro Basketball Shoes Online Store 1.0 allows attackers to upload arbitrary files to the server via the product_image...

This vulnerability allows remote attackers to upload arbitrary files to the Iqbolshoh php-business-website through the /admin/about.php endpoint. It a...

This vulnerability allows attackers to upload arbitrary files to DouPHP systems without proper restrictions. It affects all DouPHP installations up to...

This vulnerability allows remote attackers to upload arbitrary files to the Bdtask/CodeCanyon News365 system via the profile_image/banner_image parame...

Willow CMS up to version 1.4.0 contains an unrestricted file upload vulnerability in the /admin/images/add endpoint. This allows attackers to upload m...

This vulnerability allows attackers to upload arbitrary files without restrictions on the Add Product page of affected ecommerce systems. It affects a...

This vulnerability allows remote attackers to upload arbitrary files through the image parameter in the User Management Interface of ajayrandhawa User...

This vulnerability allows remote attackers to upload arbitrary SVG files without proper restrictions in Total.js Flow. It affects all deployments usin...

This vulnerability in code-projects Voting System 1.0 allows remote attackers to upload arbitrary files via the photo parameter in /admin/voters_add.p...

This vulnerability allows attackers to upload arbitrary files to the Hotel and Lodge Management System through the /manage_website.php endpoint. Attac...

This vulnerability allows remote attackers to upload arbitrary files to the Projectworlds Online Tours and Travels 1.0 system via the /admin/change-im...

This vulnerability in SourceCodester Pet Management System 1.0 allows remote attackers to upload arbitrary files via the website_image parameter in /a...

An improper access control vulnerability in Microsoft Edge allows attackers to bypass security features over a network. This affects users of Microsof...

Emlog Pro up to version 2.5.18 contains an unrestricted file upload vulnerability in the avatar update function. Attackers can remotely upload malicio...

This critical vulnerability in Simple Car Rental System 1.0 allows remote attackers to upload arbitrary files via the image parameter in /admin/add_ca...

This vulnerability allows remote attackers to upload arbitrary files to Simple Company Website 1.0 via the /classes/Users.php?f=save endpoint. Attacke...

This critical vulnerability in Tmall Demo allows remote attackers to upload arbitrary files without restrictions via the uploadProductImage function. ...

Campcodes Online Shopping Portal 1.0 contains a critical vulnerability in the admin/edit-subcategory.php file that allows unrestricted file upload via...

This vulnerability allows remote attackers to upload arbitrary files to the PHPGurukul Car Rental Project 1.0 system via the /admin/post-avehical.php ...

This vulnerability in Cisco Catalyst Center (formerly DNA Center) allows authenticated remote attackers to bypass access controls and read/modify data...

This critical vulnerability in BeyongCms 1.6.0 allows remote attackers to upload arbitrary files without restrictions via the Document Management Page...

This vulnerability in WonderCMS 3.5.0 allows remote attackers to upload arbitrary files through the theme/plugin installation function, potentially le...

This critical vulnerability in itsourcecode Farm Management System allows remote attackers to upload arbitrary files via the /add-pig.php endpoint's p...

This vulnerability allows remote attackers to upload arbitrary files without restrictions in StarSea99 starsea-mall version 1.0. Attackers can exploit...

This vulnerability allows remote attackers to upload arbitrary files to the donglight bookstore e-commerce system through the uploadPicture function. ...

This vulnerability allows remote attackers to upload arbitrary files without restrictions in the SpringBoot-Blog 1.0 application. Attackers can exploi...

This vulnerability allows remote attackers to upload arbitrary files without restrictions in wangl1989 mysiteforme 1.0. Attackers can exploit this to ...

A critical vulnerability in EyouCMS allows unrestricted file uploads via the Website Logo Handler component, enabling attackers to upload malicious fi...

This vulnerability allows authenticated attackers to upload arbitrary files to the Real Estate Management System's About Us page. Attackers can exploi...

Kashipara Music Management System v1.0 has an incorrect access control vulnerability in the /music/ajax.php endpoint that allows unauthorized users to...

This vulnerability allows users with edit access to the permissions section of the Mattermost system console to escalate their privileges to System Ad...

This vulnerability in SAP NetWeaver Application Server ABAP allows unauthenticated attackers to craft URLs that bypass allowlist controls. Attackers c...

A vulnerability in SIMATIC CN 4100 devices allows attackers with physical access to trigger a denial-of-service reboot via the USB port. This affects ...