CWE-434: Unrestricted File Upload

This vulnerability in the wp-eMember WordPress plugin allows administrators to upload arbitrary files without validation, including malicious PHP file...

This vulnerability allows attackers to upload malicious files to the PublicCMS administration interface, leading to remote code execution. It affects ...

This vulnerability allows attackers to upload malicious files to the PublicCMS admin interface, leading to remote code execution. Any organization run...

This vulnerability allows attackers to upload arbitrary files to the Public CMS admin interface, which can lead to remote code execution. It affects P...

The Modern Events Calendar WordPress plugin allows arbitrary file uploads due to missing file type validation in the set_featured_image function. This...

The IMGspider WordPress plugin allows authenticated attackers with contributor-level permissions or higher to upload arbitrary files due to missing fi...

The Auto Featured Image WordPress plugin allows authenticated users with contributor-level permissions or higher to upload arbitrary files due to miss...

The AliExpress Dropshipping with AliNext Lite WordPress plugin allows authenticated attackers with subscriber-level access or higher to upload arbitra...

This vulnerability in Verint software allows attackers to upload dangerous file types without proper restrictions, potentially leading to remote code ...

This vulnerability allows authenticated remote users to upload dangerous file types without restrictions in LIVEBOX Collaboration vDesk's vShare web s...

This vulnerability allows authenticated remote attackers to upload arbitrary files to NETGEAR ProSAFE Network Management System installations, leading...

The LearnPress WordPress LMS plugin has a vulnerability that allows authenticated attackers with Instructor-level permissions or higher to upload arbi...

This vulnerability allows authenticated remote attackers to upload malicious files through email attachments in BMC Track-It!, leading to remote code ...

This vulnerability allows authenticated remote attackers to bypass authentication and upload arbitrary files to NETGEAR ProSAFE Network Management Sys...

This vulnerability allows authenticated remote attackers to bypass authentication and upload arbitrary files to NETGEAR ProSAFE Network Management Sys...

This vulnerability allows authenticated remote attackers to upload malicious files to Ivanti Avalanche web components, leading to arbitrary command ex...

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of projeqtor. Attackers can exploit the /v...

This vulnerability allows authenticated remote attackers to upload malicious PHP files to lepton v7.1.0, potentially leading to remote code execution....

This vulnerability allows attackers to upload arbitrary files to WordPress sites running the Zippy plugin, potentially leading to remote code executio...

This vulnerability allows authenticated WordPress users with subscriber-level access or higher to upload arbitrary files to the server due to missing ...

The Brizy Page Builder WordPress plugin allows authenticated attackers with contributor-level access or higher to upload arbitrary files due to missin...

The Booster Elite for WooCommerce WordPress plugin allows arbitrary file uploads due to missing file type validation in the wc_add_new_product() funct...

The Avada WordPress theme has a vulnerability that allows authenticated attackers with contributor-level access or higher to upload arbitrary files du...

F-logic DataCube3 v1.0 has an unrestricted file upload vulnerability that allows authenticated attackers to upload malicious files by manipulating fil...

An unrestricted file upload vulnerability in CodeAstro Membership Management System v1.0 allows remote attackers to upload malicious PHP files through...

SINEC NMS versions before V2.0 SP1 contain a vulnerability allowing arbitrary file upload via TFTP. Attackers can upload malicious firmware images or ...

This vulnerability allows authenticated attackers to upload malicious files to Atos Unify OpenScape Xpressions WebAssistant, leading to remote code ex...

An authenticated file upload vulnerability in Software Publico e-Sic Livre v2.0 and earlier allows remote attackers to bypass extension filtering and ...

This vulnerability allows unauthenticated attackers to upload arbitrary files to MCMS 5.3.5 systems via a crafted POST request to /ms/file/upload.do. ...

This vulnerability allows authenticated attackers to upload specially crafted SVG files that bypass input validation in a-blog CMS, leading to remote ...

DedeCMS 5.7.112 contains an unrestricted file upload vulnerability in the module_upload.php component. Attackers can upload malicious files to execute...

This vulnerability in the My Account Page Editor WordPress plugin allows authenticated users (even with low privileges like 'subscriber') to upload ar...

The Essential Real Estate WordPress plugin before version 4.4.0 allows low-privileged users like subscribers to upload malicious PHP files disguised a...

Online Notice Board System v1.0 has an insecure file upload vulnerability that allows authenticated attackers to upload malicious files. This can lead...

CVE-2023-50038 is an arbitrary file upload vulnerability in Textpattern CMS v4.8.8 that allows authenticated attackers to upload malicious files to th...

This vulnerability allows remote attackers to upload malicious files to JIZHICMS v2.5 through the download_url parameter, potentially leading to arbit...

The rtMedia WordPress plugin before version 4.6.16 has an unrestricted file upload vulnerability that allows authenticated users with low privileges (...

The WP Mail Log WordPress plugin before version 1.1.3 fails to properly validate file extensions when uploading attachments to emails, allowing attack...

This vulnerability in MLflow allows attackers to write arbitrary files to arbitrary locations on the server filesystem, potentially leading to remote ...

The Vrm 360 3D Model Viewer WordPress plugin through version 1.2.1 contains an arbitrary file upload vulnerability due to insufficient security checks...

Kaifa Technology WebITR online attendance system has an unrestricted file upload vulnerability that allows authenticated users to upload dangerous fil...

This vulnerability allows attackers to upload arbitrary ZIP files containing malicious code to Pluck-CMS, leading to remote code execution. Attackers ...

This vulnerability in ThinkAdmin v6.1.53 allows attackers to upload and execute arbitrary PHP files via a crafted URL to the /admin/api.plugs/script e...

This vulnerability allows remote attackers to upload malicious files through Microweber's forms component, leading to arbitrary code execution. It aff...

This vulnerability allows authenticated users with learner roles in Chamilo LMS to upload arbitrary PHP files through the exercise.ajax.php endpoint, ...

This vulnerability allows authenticated users with learner roles in Chamilo LMS to upload arbitrary PHP files through the document upload functionalit...

This vulnerability allows an attacker who can log into affected NEC clustering software to execute arbitrary commands with potentially elevated privil...

Guest Entries PHP library versions before 3.1.2 allow authenticated users to upload PHP files through the front-end file upload feature, potentially l...

CVE-2023-41357 is an unrestricted file upload vulnerability in Galaxy Software Services Corporation Vitals ESP knowledge base management portal. Authe...

An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to upload malicious files that can lead to remote code execution. This affe...