CWE-434: Unrestricted File Upload

CVE-2021-38753 is a critical unrestricted file upload vulnerability in Simple Image Gallery Web App that allows attackers to upload malicious files li...

This vulnerability allows attackers to upload arbitrary files to LJCMS v4.3 web servers through the move_uploaded_file() function, potentially leading...

This vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP scripts, to WordPress sites using the Workreap theme. The...

This vulnerability allows attackers to upload arbitrary files to the jeecg-boot CMS system through the /jeecg-boot/sys/common/upload endpoint. Attacke...

CVE-2021-36622 allows unauthenticated attackers to upload malicious PHP files disguised as images to the admin panel of Sourcecodester Online Covid Va...

This CVE describes an arbitrary file upload vulnerability in SourceCodester Learning Management System v1.0, allowing attackers to upload malicious fi...

CVE-2021-25203 is an arbitrary file upload vulnerability in Victor CMS v1.0 that allows attackers to upload malicious files to the server. This vulner...

This vulnerability allows attackers to upload arbitrary files to the Responsive Ordering System v1.0 via Product_model.php, potentially leading to rem...

CVE-2021-25207 is an arbitrary file upload vulnerability in SourceCodester E-Commerce Website v1.0 that allows attackers to upload malicious files to ...

CVE-2021-25211 is an arbitrary file upload vulnerability in SourceCodester Ordering System v1.0 that allows attackers to upload malicious files to the...

This vulnerability allows attackers to upload arbitrary files to the Alumni Management System, which can lead to remote code execution. It affects Sou...

CVE-2021-35963 is an unauthenticated remote code execution vulnerability in the Orca HCM digital learning platform's file upload function. Attackers c...

CVE-2021-30118 is an unauthenticated arbitrary file upload vulnerability in Kaseya VSA that allows remote attackers to upload malicious ASP.NET files ...

CVE-2021-32538 is an unauthenticated remote code execution vulnerability in ARTWARE CMS. Attackers can upload arbitrary files without authentication t...

This critical vulnerability in the ProfilePress WordPress plugin allows unauthenticated attackers to upload arbitrary files during user registration o...

PandoraFMS versions up to 7.54 contain an arbitrary file upload vulnerability in the File Manager component. Attackers can bypass built-in protections...

This vulnerability allows remote attackers to execute arbitrary code on IBOS 4.5.4 Open systems through arbitrary file inclusion in the CronController...

CRMEB versions 3.1.0+ contain an unrestricted file upload vulnerability in the UploadService.php component that allows attackers to upload malicious f...

This vulnerability allows attackers to upload arbitrary files to Joomla! websites due to insufficient input validation in the installer migration scri...

This vulnerability in the Autoptimize WordPress plugin allows attackers to upload malicious PHP files through the Import Settings feature, bypassing p...

The Fancy Product Designer WordPress plugin before version 4.6.9 contains an unauthenticated arbitrary file upload vulnerability. This allows attacker...

CVE-2020-19510 is an arbitrary file upload vulnerability in Textpattern CMS that allows authenticated attackers to upload malicious files to the serve...

This vulnerability allows remote attackers to upload and execute arbitrary PHP code via the Themify framework in the Elemin WordPress theme. Attackers...

CVE-2020-35760 is an unrestricted file upload vulnerability in bloofoxCMS that allows attackers to upload malicious PHP files. This can lead to remote...

CVE-2021-26473 is a critical vulnerability in VembuBDR and VembuOffsiteDR backup software that allows unauthenticated attackers to write arbitrary fil...

Frontier ichris versions through 5.18 allow authenticated users to upload malicious executable files that can be downloaded and executed by other user...

This vulnerability allows attackers to upload unvalidated files to Emerson Rosemount X-STREAM Gas Analyzer webservers, enabling remote code execution....

This vulnerability allows remote attackers to upload arbitrary files to LAOBANCMS v2.0 by exploiting an unrestricted file upload flaw. Attackers can u...

This vulnerability allows unauthenticated attackers to upload arbitrary ZIP files containing malicious PHP scripts to WordPress sites using the Kaswar...

This vulnerability allows remote attackers to upload malicious PHP files disguised as JPEG images to ArticleCMS 1.0, enabling arbitrary code execution...

CVE-2020-28063 is a critical file upload vulnerability in ArticleCMS that allows attackers to upload malicious files and execute arbitrary code on the...

This vulnerability allows unauthenticated attackers to upload arbitrary files to servers running the Golo Laravel theme v1.1.5. This can lead to remot...

CVE-2021-32089 allows unauthenticated attackers to upload arbitrary files to Zebra FX9500 RFID Reader filesystems, which can then be accessed via the ...

The Imagements WordPress plugin through version 1.2.5 has an unauthenticated arbitrary file upload vulnerability that allows remote attackers to uploa...

This vulnerability allows attackers to upload arbitrary files to the Online Book Store v1.0 web application through the admin_add.php endpoint. Succes...

CVE-2020-23083 is a critical unrestricted file upload vulnerability in JEECG that allows remote attackers to upload malicious files without proper val...

This is a critical unauthenticated file upload vulnerability in Uniview ISC2500-S surveillance systems that allows attackers to upload arbitrary malic...

This vulnerability allows unauthenticated remote attackers to upload arbitrary files via the Business Hours Pro WordPress plugin's manual update funct...

This vulnerability allows attackers to upload dangerous executable files through Orchard's TinyMCE editor, bypassing file type restrictions. It affect...

The WP-Curriculo Vitae Free WordPress plugin through version 6.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers...

CVE-2021-28173 is an unauthenticated remote code execution vulnerability in Vangene deltaFlow E-platform's file upload function. Attackers can upload ...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites using the WooCommerce Help Scout plugin before versio...

This vulnerability in the WooCommerce Upload Files WordPress plugin allows attackers to bypass file extension filtering and upload malicious PHP files...

CVE-2020-21585 is a critical vulnerability in emlog v6.0.0 that allows authenticated users to upload malicious PHP webshells via the zip plugin module...

This is an unauthenticated remote code execution vulnerability in NETGEAR ProSAFE Network Management System. Attackers can upload malicious files and ...

This CVE describes a remote code execution vulnerability in ShopXO e-commerce platform version 1.9.3. Attackers can upload malicious PHAR files disgui...

CVE-2021-27964 allows unauthenticated attackers to upload arbitrary files to SonLogger web servers via a specific endpoint. This can lead to remote co...

CVE-2021-27198 allows unauthenticated attackers to upload arbitrary files and execute code remotely on Visualware MyConnection Server installations. T...

This vulnerability allows remote attackers to upload arbitrary PHP files to WordPress servers running the vulnerable YITH WooCommerce Gift Cards Premi...

CVE-2021-26809 is a critical remote code execution vulnerability in PHPGurukul Car Rental Project version 2.0 that allows unauthenticated attackers to...