CWE-434: Unrestricted File Upload

CVE-2022-25016 is a critical arbitrary file upload vulnerability in Home Owners Collection Management System v1.0 that allows attackers to upload mali...

This vulnerability allows remote attackers to execute arbitrary PHP code on Maxsite CMS v180 installations by uploading a crafted PHP file to the /adm...

This vulnerability allows remote unauthenticated attackers to upload executable files to websites using vulnerable JQueryForm.com forms, leading to re...

This vulnerability allows attackers to upload malicious files to Schneider Electric's Interactive Graphical SCADA System Data Collector (dc.exe), pote...

This vulnerability in UJCMS Jspxcms allows attackers to execute arbitrary system commands by uploading malicious files that exploit a dangerous FreeMa...

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on systems running Sourcecodester Simple Chatbot Application 1.0 ...

This CVE describes a critical file upload vulnerability in mingSoft MCMS content management system that allows remote attackers to upload malicious JS...

MCMS v5.2.4 contains an arbitrary file upload vulnerability in the /ms/template/writeFileContent.do endpoint that allows attackers to upload malicious...

This vulnerability allows attackers to upload arbitrary PHP files to the school management software's upload directory, enabling remote code execution...

CVE-2021-44031 is a critical pre-authentication remote code execution vulnerability in Quest KACE Desktop Authority. Attackers can upload malicious AS...

This vulnerability allows unauthenticated remote attackers to upload arbitrary files, including webshells, to 4MOSAn GCB Doctor systems. Attackers can...

CVE-2021-44164 is a critical vulnerability in Chain Sea AI chatbot systems that allows unauthenticated remote attackers to bypass file upload restrict...

OpenCATS versions through 0.9.6 contain an unrestricted file upload vulnerability in lib/FileUtility.php that allows remote attackers to upload execut...

This vulnerability allows unauthenticated attackers to upload malicious PHP files through the plugin upload functionality in emlog, leading to remote ...

CVE-2021-43117 is a critical file upload vulnerability in FastAdmin v1.2.1 that allows attackers to upload malicious files and execute arbitrary code ...

This vulnerability allows remote, unauthenticated attackers to upload arbitrary files to any location on the filesystem of FatPipe WARP, IPVPN, and MP...

This vulnerability allows unauthenticated attackers to upload malicious files to Zoho ManageEngine M365 Manager Plus servers, leading to remote code e...

CVE-2021-44093 is a critical remote command execution vulnerability in zrlog 2.2.2 that allows attackers to bypass file upload restrictions and upload...

This vulnerability allows attackers to upload malicious .phar files that execute PHP code on Laravel applications running on Debian-based systems. It ...

This vulnerability allows authenticated attackers to upload malicious ZIP files containing JSP code through ServiceTonic's Service import feature. Whe...

This CVE describes a critical file upload vulnerability in Sourcecodester Engineers Online Portal that allows attackers to upload PHP webshells to exe...

CVE-2020-18261 is a critical arbitrary file upload vulnerability in ED01-CMS v1.0 that allows attackers to upload malicious files through the image up...

This vulnerability allows remote attackers to execute arbitrary code on Sourcecodester Online Reviewer System 1.0 by uploading malicious PHP files dis...

This vulnerability allows attackers to upload malicious PHP files disguised as images to the Online Food Ordering System, bypassing file upload filter...

This vulnerability allows remote attackers to execute arbitrary code on systems running Mara v7.5 by uploading a crafted PHP file to the /codebase/dir...

CVE-2021-41566 is an unauthenticated remote code execution vulnerability in TadTools file upload functionality. Attackers can upload arbitrary files w...

CVE-2021-37762 is a critical vulnerability in Zoho ManageEngine ADManager Plus that allows attackers to overwrite arbitrary files on the server, leadi...

This vulnerability allows attackers to upload arbitrary files to Zoho ManageEngine ADManager Plus servers, which can lead to remote code execution. It...

CVE-2021-37921 is a critical vulnerability in Zoho ManageEngine ADManager Plus that allows attackers to upload arbitrary files without restrictions, l...

CVE-2021-37923 is a critical vulnerability in Zoho ManageEngine ADManager Plus that allows attackers to upload arbitrary files without restrictions, l...

CVE-2021-37926 is a critical unrestricted file upload vulnerability in Zoho ManageEngine ADManager Plus that allows attackers to upload malicious file...

This vulnerability in Zoho ManageEngine ADManager Plus allows attackers to upload arbitrary files without restrictions, leading to remote code executi...

This vulnerability allows attackers to upload arbitrary files to Zoho ManageEngine ADManager Plus servers, which can lead to remote code execution. It...

CVE-2021-3832 is a critical remote code execution vulnerability in Integria IMS version 5.0.92 that allows unauthenticated attackers to upload malicio...

This vulnerability allows attackers to upload malicious files to Zoho ManageEngine ADManager Plus servers without proper validation, leading to remote...

This vulnerability allows attackers to upload arbitrary files without restrictions in Zoho ManageEngine ADManager Plus, leading to remote code executi...

This vulnerability allows attackers to upload malicious PHP files through the upload.php script in FrogCMS SentCMS, leading to remote code execution a...

CVE-2020-21322 is an arbitrary file upload vulnerability in Feehi CMS that allows attackers to upload malicious PHP files. This can lead to remote cod...

Kooboo CMS 2.1.1.0 has an insecure file upload vulnerability that allows attackers to upload arbitrary files, including malicious ASPX web shells, to ...

This vulnerability allows unauthenticated attackers to upload malicious files (including PHP scripts) to WordPress sites running the Shopp plugin. Thi...

This vulnerability allows attackers to upload malicious PHP files to Dswjcms 1.6.4, leading to remote code execution. Attackers can take full control ...

This vulnerability allows remote attackers to upload arbitrary files to ShowDoc servers, which can lead to remote code execution. Attackers can exploi...

This vulnerability allows remote attackers to upload malicious files to DotCMS servers, leading to arbitrary code execution. Attackers can exploit thi...

CVE-2021-40531 is a vulnerability in Sketch design software that allows attackers to bypass macOS file quarantine protections through malicious librar...

CVE-2021-36356 is a critical remote code execution vulnerability in KRAMER VIAware software that allows attackers to execute arbitrary code by sending...

Delta Electronics DIAEnergie versions 1.7.5 and earlier contain an unrestricted file upload vulnerability that allows attackers to upload malicious fi...

CVE-2021-40175 is a critical vulnerability in Zoho ManageEngine Log360 that allows attackers to upload arbitrary files without authentication, leading...

This vulnerability allows attackers to upload arbitrary code through the Image Upload feature in NASCENT RemKon Device Manager, leading to remote code...

CVE-2020-18879 is an unrestricted file upload vulnerability in Bludit CMS v3.8.1 that allows remote attackers to upload malicious files via the upload...

This vulnerability allows attackers to upload malicious files to Apache OFBiz servers, which can lead to remote code execution. It affects Apache OFBi...