CWE-434: Unrestricted File Upload

CVE-2022-48079 is a critical privilege escalation vulnerability in Monnai aaPanel host system v1.5 that allows attackers to upload malicious PHP files...

CVE-2022-47769 is an arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 that allows unauthenticated attackers to upload m...

This vulnerability allows unauthenticated attackers to upload arbitrary files to the Hiby R3 PRO device via its web server interface. This affects all...

DataEase v1.11.1 contains an arbitrary file write vulnerability via the dataSourceId parameter. This allows attackers to write arbitrary files to the ...

CVE-2021-36711 is a critical remote code execution vulnerability in OctoBot's WebInterface that allows attackers to upload malicious Tentacles (plugin...

This vulnerability allows remote attackers on the local network to execute arbitrary code as root on Verizon 5G Home LVSKIHP InDoorUnit devices. The d...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites running the Free Booking Plugin for Hotels, Restauran...

This vulnerability allows unauthenticated attackers to upload arbitrary files to GFI Mail Archiver servers via insecure Telerik Web UI components. It ...

Halo CMS v1.5.3 contains an arbitrary file upload vulnerability in the /api/admin/attachments/upload endpoint that allows authenticated attackers to u...

CVE-2021-38945 is a critical vulnerability in IBM Cognos Analytics that allows remote attackers to upload arbitrary files due to improper content vali...

Laiketui 3.5.0 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files to the server. This can lead to remote ...

Monstra CMS 3.0.4 has an unrestricted file upload vulnerability due to insufficient filtering of PHP file extensions. Attackers can upload malicious P...

Car Rental Management System v1.0 contains an unrestricted file upload vulnerability in the admin/ajax.php endpoint that allows remote attackers to ex...

EliteCMS 1.0.1 contains a critical vulnerability in the admin/manage_uploads.php file that allows authenticated attackers to upload malicious files an...

CVE-2022-30506 is an arbitrary file upload vulnerability in MCMS 5.2.7 that allows attackers to upload malicious ZIP files containing executable code....

ACEweb Online Portal 3.5.065 contains an unrestricted file upload vulnerability in the attachments.awp component. This allows attackers to upload mali...

This vulnerability allows attackers to upload malicious files to the Roncoo Education platform's course API endpoint, which can lead to remote code ex...

SiteServer CMS versions before 5.1 contain an unrestricted file upload vulnerability that allows attackers to upload malicious files and execute arbit...

Pharmacy Management System v1.0 contains a critical remote code execution vulnerability in the /php_action/editProductImage.php component. Attackers c...

Foxit PDF Editor v11.3.1 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files to the system. This affects a...

CVE-2022-29351 is an arbitrary file upload vulnerability in TiddlyWiki5 v5.2.2 that allows attackers to upload malicious SVG files containing JavaScri...

CVE-2022-29354 is an arbitrary file upload vulnerability in Keystone v4.2.1 that allows attackers to upload malicious files and execute arbitrary code...

This vulnerability allows attackers to upload malicious JSP files without restrictions in novel-plus's file controller. It affects all versions of nov...

CVE-2022-30448 is an unauthenticated file upload vulnerability in Hospital Management System (HMS) 1.0 that allows attackers to upload arbitrary files...

This vulnerability allows attackers to upload malicious files to the Open Virtual Simulation Experiment Teaching Management Platform software version ...

CVE-2022-28568 is a critical vulnerability in Sourcecodester Doctor's Appointment System 1.0 that allows authenticated administrators to upload malici...

CVE-2022-29347 is an arbitrary file upload vulnerability in Web@rchiv 1.0 that allows attackers to upload malicious PHP files. This enables remote cod...

CVE-2021-41921 is an unrestricted file upload vulnerability in novel-plus V3.6.1 that allows attackers to upload malicious files with arbitrary extens...

CVE-2022-27468 is a critical arbitrary file upload vulnerability in Monstaftp v2.10.3 that allows attackers to upload malicious files to the web serve...

CVE-2022-28021 is a remote code execution vulnerability in Purchase Order Management System v1.0, allowing attackers to execute arbitrary code via the...

This vulnerability allows attackers to upload arbitrary files (including PHP shells) through the signature upload feature in the VikBooking WordPress ...

CVE-2022-27262 is a critical arbitrary file upload vulnerability in Skipper v0.9.1 that allows attackers to upload malicious files and execute arbitra...

CVE-2022-27952 is a critical arbitrary file upload vulnerability in PayloadCMS v0.15.0 that allows attackers to upload malicious SVG files containing ...

CVE-2022-28397 is an arbitrary file upload vulnerability in Ghost CMS v4.42.0 that allows attackers to upload malicious files and potentially execute ...

CVE-2022-27139 is an arbitrary file upload vulnerability in Ghost CMS v4.39.0 that allows authenticated users to upload SVG files containing malicious...

CVE-2022-27260 is a critical arbitrary file upload vulnerability in ButterCMS v1.2.8 that allows attackers to upload malicious SVG files containing em...

CVE-2022-27115 is a remote code execution vulnerability in elFinder file manager that allows attackers to bypass file upload restrictions by manipulat...

CVE-2022-27477 is an arbitrary file upload vulnerability in Newbee-Mall v1.0.0 that allows authenticated attackers to upload malicious files via the a...

This vulnerability allows attackers to upload arbitrary PHP files to zbzcms v1.0 through the /zbzedit/php/zbz.php endpoint. Successful exploitation en...

This vulnerability allows remote attackers to upload arbitrary files including PHP scripts to elFinder web file managers, potentially leading to remot...

This CVE describes a file upload vulnerability in HorizontCMS that allows attackers to bypass PHP extension restrictions by uploading .htaccess and .h...

CVE-2022-24136 is a critical vulnerability in Hospital Management System v1.0 that allows attackers to upload arbitrary PHP files via treatmentrecord....

This critical vulnerability in Online Banking System Protect v1.0 allows attackers to upload malicious PHP files through the image upload function, le...

This vulnerability allows remote attackers to upload malicious files to the Student Attendance Management System 1.0, potentially leading to remote co...

This vulnerability allows attackers to upload malicious PHP files through taoCMS's File Management module, leading to remote code execution. It affect...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites using the Ninja Forms - File Uploads Extension plugin...

OpenDocMan 1.4.4 contains a critical file upload vulnerability that allows attackers to bypass MIME type restrictions and upload dangerous file types....

CVE-2021-45040 is an unrestricted file upload vulnerability in Spatie's Laravel Media Library Pro that allows remote attackers to upload executable fi...

CVE-2022-25487 is a critical remote code execution vulnerability in Atom CMS v2.0 that allows attackers to upload malicious files via the /admin/uploa...

CVE-2022-24651 is an unauthenticated arbitrary file upload vulnerability in sentcms 4.0.x that allows remote attackers to upload malicious PHP files t...