CWE-434: Unrestricted File Upload

This vulnerability allows authenticated low-privileged users in Chamilo LMS to upload malicious files and execute arbitrary code on the server. The sy...

This vulnerability allows authenticated users to upload .htaccess or .user.ini files to FreeScout help desk systems, enabling remote code execution on...

CVE-2018-25158 is an arbitrary file upload vulnerability in Chamilo LMS that allows authenticated users to upload PHP files disguised as images, then ...

OpenSourcePOS 3.4.1 contains a Local File Inclusion vulnerability that allows attackers to read arbitrary files on the web server by manipulating invo...

CVE-2025-13689 is an unrestricted file upload vulnerability in IBM DataStage on Cloud Pak for Data that allows authenticated users to upload malicious...

This vulnerability allows authorized users to upload executable files through CIPPlanner CIPAce's rich text editor and document management components....

Agentflow software by Flowring contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files and execu...

This vulnerability allows attackers to upload malicious files (like web shells) to Sensaway web servers without proper file type validation. It affect...

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin that allows attackers to upload malicious files to web-...

This vulnerability allows authenticated administrators in jizhiCMS 1.6.7 to download arbitrary files from the server by exploiting the admin plugins u...

This vulnerability in n8n's Merge node allows authenticated users with workflow creation/modification permissions to write arbitrary files to the serv...

This vulnerability in Cisco Meeting Management allows authenticated attackers with video operator privileges to upload malicious files through the web...

The WP FOFT Loader WordPress plugin has a vulnerability that allows authenticated attackers with Author-level access or higher to upload arbitrary fil...

This CVE describes an arbitrary file upload vulnerability in FPDF's AddFont() function that allows attackers to upload malicious PHP files. Successful...

The OS DataHub Maps WordPress plugin has an arbitrary file upload vulnerability that allows authenticated attackers with Author-level access or higher...

An unauthenticated attacker can upload arbitrary files to MagicInfo9 Server, leading to remote code execution and privilege escalation. This affects M...

CVE-2021-47904 is an authenticated file upload vulnerability in PhreeBooks 5.2.3 that allows attackers to upload malicious PHP files through the Image...

CVE-2021-47888 is an authenticated remote code execution vulnerability in Textpattern CMS that allows logged-in users to upload malicious PHP files an...

IBM Concert versions 1.0.0 through 2.1.0 contain an unrestricted file upload vulnerability that allows attackers to upload malicious files to the web ...

This vulnerability in Easy Discuss for Joomla allows attackers to upload malicious files by bypassing extension-based validation. Attackers can upload...

This vulnerability allows authenticated attackers with author-level WordPress access to upload malicious files disguised as VTT subtitle files, bypass...

A file upload vulnerability in Omnispace Agora Project allows authenticated users (and sometimes guest users) to upload arbitrary files via the Upload...

CVE-2021-47757 is an authenticated remote code execution vulnerability in Chikitsa Patient Management System 2.0.2. Authenticated attackers can upload...

CVE-2021-47758 allows authenticated attackers to upload malicious PHP plugins through Chikitsa Patient Management System's module upload functionality...

The Supreme Modules Lite WordPress plugin has an arbitrary file upload vulnerability in versions up to 2.5.62. Authenticated attackers with author-lev...

This vulnerability allows authenticated attackers to execute arbitrary PHP code on WBCE CMS servers by uploading malicious droplets through the admin ...

This vulnerability allows remote attackers to execute arbitrary code on Automai Director v25.2.0 systems by exploiting the update mechanism. Attackers...

The WP Enable WebP WordPress plugin has a vulnerability that allows authenticated attackers with Author-level permissions or higher to upload arbitrar...

CVE-2025-15240 is an arbitrary file upload vulnerability in QOCA aim AI Medical Cloud Platform that allows authenticated attackers to upload malicious...

CVE-2025-55061 is an unrestricted file upload vulnerability (CWE-434) that allows attackers to upload malicious files to vulnerable systems. This coul...

This vulnerability allows attackers to upload malicious files to Specto CM systems, potentially leading to remote code execution. It affects all Spect...

WebTareas 2.4 contains an authenticated file upload vulnerability that allows attackers to upload malicious PHP files and execute arbitrary code on th...

Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, allowing attackers to upload malicious files to the server. This can lead to remo...

File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives. Attackers ca...

CVE-2023-53933 is a remote code execution vulnerability in Serendipity 2.4.0 that allows authenticated attackers to upload malicious PHP files with .p...

This vulnerability allows authenticated attackers to upload malicious PHP files disguised as avatar images in UliCMS, leading to remote code execution...

CVE-2023-53868 is a remote code execution vulnerability in Coppermine Gallery that allows authenticated attackers to upload malicious PHP files throug...

FNT Command 13.4.0 contains a vulnerability in its C Base Module that allows remote code execution. Attackers can upload malicious files to execute ar...

The WP3D Model Import Viewer plugin for WordPress has a vulnerability that allows authenticated attackers with Author-level access or higher to upload...

The Infility Global WordPress plugin allows authenticated attackers with subscriber-level access or higher to upload arbitrary files due to missing fi...

This vulnerability allows authenticated administrators in WBCE CMS to upload malicious ZIP modules containing PHP reverse shell code, leading to remot...

This vulnerability allows authenticated attackers to upload malicious PHP files through the Elfinder file manager in WBCE CMS version 1.6.2, leading t...

appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through...

Dotclear 2.29 contains an authenticated remote code execution vulnerability where attackers with valid credentials can upload malicious PHP files thro...

This CSRF vulnerability in the Video Merchant WordPress plugin allows unauthenticated attackers to upload arbitrary files by tricking administrators i...

LeptonCMS 7.3.0 contains an arbitrary file upload vulnerability due to insufficient file validation. Authenticated attackers can upload malicious ZIP/...