CWE-434: Unrestricted File Upload
The product allows the upload of files with dangerous types that can be automatically processed within the product environment.
All Unrestricted File Upload CVEs (1,420)
This vulnerability allows remote attackers to upload arbitrary PHP files to WordPress servers running the vulnerable YITH WooCommerce Gift Cards Premi...
Feb 22, 2021

CVE-2021-26809 is a critical remote code execution vulnerability in PHPGurukul Car Rental Project version 2.0 that allows unauthenticated attackers to...
Feb 17, 2021

This vulnerability in ProBot for Discord allows attackers to upload malicious files with double extensions (like .html.jpg) that are served with text/...
Feb 9, 2021

CVE-2021-3378 is an arbitrary file upload vulnerability in FortiLogger that allows attackers to upload malicious files by sending a Content-Type: imag...
Feb 1, 2021

This vulnerability allows attackers to upload arbitrary files to yccms 3.3 systems without proper validation, leading to remote code execution. Attack...
Feb 1, 2021

This vulnerability allows unauthenticated attackers to execute arbitrary commands on NETGEAR NMS300 network management systems. Attackers can gain ful...
Dec 30, 2020

This vulnerability allows remote attackers to execute arbitrary code on Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers by u...
Dec 17, 2020

UCMS 1.5.0 contains an arbitrary file upload vulnerability (CWE-434) that allows attackers to upload malicious files to the server. This can lead to r...
Nov 30, 2020

This vulnerability allows attackers to upload arbitrary PHP files to the Online Library Management System, leading to remote code execution. It affect...
Nov 17, 2020

This vulnerability allows attackers to upload arbitrary files to the web server directory in Aviatrix Controller versions before R6.0.2483. This can l...
Nov 17, 2020

CVE-2020-28140 is a critical arbitrary file upload vulnerability in SourceCodester Online Clothing Store 1.0 that allows attackers to upload malicious...
Nov 17, 2020

This vulnerability allows attackers to upload malicious PHP files disguised as JPEG images to Microweber's admin panel. Attackers can execute arbitrar...
Nov 9, 2020

This vulnerability in NVIDIA DGX servers allows attackers to upload malicious files to the BMC firmware, which can be automatically processed leading ...
Oct 29, 2020

This vulnerability allows attackers to upload malicious PHP files through the car rental management system's image upload feature, leading to remote c...
Oct 28, 2020

This vulnerability in Niushop B2B2C Multi-business basic version allows attackers to bypass administrator authentication, access the background upload...
Sep 30, 2020

CVE-2020-23828 is a critical file upload vulnerability in SourceCodester Online Course Registration v1.0 that allows remote attackers to upload malici...
Sep 15, 2020

This vulnerability allows unauthenticated attackers to upload arbitrary files to the Vehicle Image Upload component in Car Rental Management System v1...
Sep 9, 2020

CVE-2020-24202 is an arbitrary file upload vulnerability in the House Rental v1.0 PHP application that allows regular users to upload malicious files,...
Aug 27, 2020

This vulnerability allows remote attackers to upload and execute arbitrary PHP code on Navigate CMS servers by exploiting insufficient file extension ...
Jun 15, 2020

This vulnerability in the WordPress Drag and Drop Multiple File Uploader plugin allows attackers to upload PHP files and execute arbitrary code on aff...
Jun 8, 2020

This vulnerability in Foxit PhantomPDF allows attackers to execute arbitrary applications by embedding executable files within PDF portfolios. Users o...
Jun 4, 2020

This vulnerability allows local attackers to execute arbitrary code with SYSTEM privileges by exploiting the AnchorFree VPN SDK service. The service a...
May 21, 2020

This vulnerability in asbplayer v1.13.0 allows attackers to upload malicious subtitle files that can execute arbitrary code on the system. Users of as...
Feb 25, 2026

This vulnerability allows remote attackers to execute arbitrary code on ManageEngine Exchange Reporter Plus servers through the Content Search module....
Jun 9, 2025

This CVE describes an unauthenticated file upload vulnerability in SAP systems that allows attackers to upload malicious files to the server. When vic...
May 14, 2024

Traccar GPS tracking system versions 5.1 through 5.12 contain an unrestricted file upload vulnerability in the device image upload API. Attackers can ...
Apr 10, 2024

This vulnerability allows authenticated users with upload permissions in Admidio to execute arbitrary PHP code on the server by uploading malicious .p...
May 20, 2021

Explorance Blue versions before 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. This allows at...
Jan 28, 2026

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress sites using the Xpro Elementor Addons plugin. Attack...
Jan 22, 2026

This vulnerability allows high-privileged attackers to upload dangerous file types to ColdFusion servers without authentication, potentially leading t...
Dec 10, 2025

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Advanced Settings plugin. Attack...
Nov 6, 2025

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Bulk Featured Image plugin. Atta...
Sep 5, 2025

phpgurukul Online Shopping Portal 2.0 contains an arbitrary file upload vulnerability in the admin product upload functionality. Attackers can upload ...
Sep 3, 2025

This vulnerability allows attackers to upload malicious files to WordPress sites using the vcita Online Booking & Scheduling Calendar plugin. Attacker...
Aug 20, 2025

An authenticated arbitrary file upload vulnerability in SMA 100 series web management interface allows attackers with administrative privileges to upl...
Jul 23, 2025

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Groundhogg plugin. Attackers can...
Jul 16, 2025

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Bulk Featured Image plugin. Atta...
Jul 4, 2025

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the vulnerable AiBud WP plugin. Atta...
Jul 3, 2025

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress sites using the File Manager Plugin. Attackers can g...
Jun 27, 2025

The ZoomSounds WordPress plugin before version 6.05 contains an unrestricted file upload vulnerability. Unauthenticated attackers can upload arbitrary...
Jun 25, 2025

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress sites using the BEAF plugin. Attackers can gain full...
May 7, 2025

This vulnerability allows attackers to upload malicious files to WordPress sites using the I Draw plugin. Attackers can execute arbitrary code, potent...
Apr 17, 2025

This vulnerability allows unauthenticated attackers to upload arbitrary files, including web shells, to WordPress servers running the Kadence WooComme...
Apr 16, 2025

This vulnerability allows unauthenticated attackers to upload arbitrary files, including web shells, to WordPress sites using the affected plugin. It ...
Apr 10, 2025

This vulnerability allows attackers to upload arbitrary files, including web shells, to servers running the vulnerable LABCAT Processing Projects Word...
Apr 10, 2025

CVE-2025-31002 is an arbitrary file upload vulnerability in the Squeeze WordPress plugin that allows attackers to upload malicious files to vulnerable...
Apr 9, 2025

This vulnerability allows attackers to upload malicious files to WordPress sites using the CMP – Coming Soon & Maintenance plugin. Attackers can ach...
Apr 4, 2025

This vulnerability in PyTorch Lightning's LightningApp allows attackers to write arbitrary files via a crafted filename at the /api/v1/upload_file/ en...
Mar 20, 2025

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress sites using the ThemeEgg ToolKit plugin. Attackers c...
Mar 11, 2025

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Tourfic plugin. It affects all W...
Jan 24, 2025

About Unrestricted File Upload (CWE-434)
Our database tracks 1,420 CVEs classified as CWE-434, with 703 rated critical and 602 rated high severity. The average CVSS score for Unrestricted File Upload vulnerabilities is 8.8.
External reference: View CWE-434 on MITRE CWE →