CWE-434: Unrestricted File Upload
The product allows the upload of files with dangerous types that can be automatically processed within the product environment.
All Unrestricted File Upload CVEs (1,476)
An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to upload malicious files that can lead to remote code execution. This affe...
Nov 1, 2023

SugarCRM has an unrestricted file upload vulnerability in the Notes module that allows authenticated users to upload malicious PHP files. This affects...
Oct 27, 2023

This vulnerability allows authenticated attackers to upload arbitrary files and execute code on the underlying operating system through the Unify Open...
Oct 9, 2023

This vulnerability allows remote attackers to upload malicious files through the edit profile component in Simple and Nice Shopping Cart Script v1.0, ...
Oct 6, 2023

This CVE describes an authenticated command injection vulnerability in Digital China Networks DCFW-1800-SDC firewall devices. An attacker with valid c...
Oct 4, 2023

This vulnerability allows authenticated attackers to upload arbitrary files to the affected application, potentially leading to remote code execution ...
Oct 3, 2023

This vulnerability allows remote attackers to execute arbitrary code on Economizzer servers by uploading malicious PHP files as attachments. Attackers...
Sep 28, 2023

This vulnerability in EliteCMS v1.01 allows remote attackers to upload arbitrary files through the manage_uploads.php component, potentially leading t...
Sep 20, 2023

An unrestricted file upload vulnerability in Fl3xx Dispatch and Crew versions 2.10.37 allows remote attackers to upload malicious files via the add at...
Sep 20, 2023

CVE-2023-36319 is a file upload vulnerability in Openupload Stable v0.4.3 that allows remote attackers to execute arbitrary code via the compress-inc....
Sep 20, 2023

This vulnerability allows attackers to upload malicious JPG files containing HTML code to the /user/upload component of lenosp, which can lead to arbi...
Sep 14, 2023

CVE-2023-41108 is an authenticated remote code execution vulnerability in TEF portal version 2023-07-17. Attackers with valid credentials can upload m...
Sep 5, 2023

This vulnerability allows attackers to upload arbitrary files to the Gestione Documentale module in RealGimm 1.1.37p38, potentially leading to remote ...
Aug 31, 2023

The FULL - Customer WordPress plugin up to version 2.2.3 contains an arbitrary file upload vulnerability via the /install-plugin REST route due to imp...
Aug 9, 2023

CVE-2023-39346 is a remote code execution vulnerability in LinuxASMCallGraph software that allows attackers to execute arbitrary code on the server by...
Aug 4, 2023

This vulnerability allows attackers to upload malicious files to Omeka-S web applications, potentially leading to remote code execution. It affects al...
Aug 4, 2023

This vulnerability allows remote attackers to upload malicious files and execute arbitrary code on Typecho v1.2.1 installations. Attackers can exploit...
Aug 3, 2023

CVE-2023-36212 is a file upload vulnerability in Total CMS v1.7.4 that allows remote attackers to upload crafted PHP files through the edit page funct...
Aug 3, 2023

This vulnerability allows authenticated attackers to upload arbitrary files to EVERTZ devices, potentially enabling webshell deployment or critical sy...
Jul 18, 2023

This vulnerability allows authenticated attackers to upload arbitrary files with root privileges on SonicWall GMS and Analytics systems. Attackers cou...
Jul 13, 2023

This vulnerability allows authenticated privileged users in Zimbra Collaboration Suite to upload malicious files through the ClientUploader function, ...
Jul 6, 2023

CMS Made Simple v2.2.17 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious files and execute arbitra...
Jul 6, 2023

CVE-2020-21861 is an unrestricted file upload vulnerability in DuxCMS 2.1 that allows attackers to upload arbitrary PHP files through the admin upload...
Jul 6, 2023

CVE-2023-36630 is an insecure file upload vulnerability in CloudPanel that allows attackers to upload malicious files without proper validation. This ...
Jun 25, 2023

This vulnerability allows remote attackers to execute arbitrary code on WUZHI CMS systems via an unsafe file upload mechanism in the set_chache method...
Jun 20, 2023

CVE-2020-20067 is a file upload vulnerability in ebCMS v1.1.0 that allows remote attackers to upload malicious files and execute arbitrary code on the...
Jun 20, 2023

This vulnerability in the Unlimited Elements For Elementor WordPress plugin allows authenticated attackers with contributor-level permissions or highe...
Jun 17, 2023

CVE-2023-33253 is a remote code execution vulnerability in LabCollector that allows authenticated low-privileged users to upload malicious PHP files a...
Jun 12, 2023

CVE-2023-33498 is an access control vulnerability in Alist file listing software where low-privilege user accounts can upload any file type regardless...
Jun 7, 2023

The AdSanity WordPress plugin up to version 1.8.1 contains a vulnerability that allows authenticated users with Contributor-level permissions or highe...
Jun 7, 2023

This vulnerability allows attackers to upload arbitrary PHP files through the admin upload functionality in phpok v6.4.100, leading to remote code exe...
Jun 7, 2023

This vulnerability in the PWA for WP & AMP WordPress plugin allows authenticated attackers to upload arbitrary files due to missing file type validati...
Jun 7, 2023

This vulnerability allows remote attackers to execute arbitrary code on Genesys CIC Polycom phone provisioning TFTP servers by exploiting improper inp...
May 10, 2023

MCMS 5.0 contains a file upload vulnerability that allows attackers to upload malicious files disguised as thumbnails, leading to arbitrary code execu...
May 8, 2023

This vulnerability allows authenticated remote attackers to set the default storage path to the webroot directory in Jedox installations. Subsequent f...
May 2, 2023

CLTPHP versions up to 6.0 contain an unrestricted file upload vulnerability that allows attackers to upload malicious files to the server. This affect...
Apr 26, 2023

CVE-2023-27755 is an arbitrary file download vulnerability in go-bbs v1 that allows attackers to download any file from the server via the /api/v1/dow...
Apr 17, 2023

Employee Performance Evaluation System v1.0 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files to the ser...
Apr 14, 2023

Online Pizza Ordering v1.0 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files to the server. This can lea...
Apr 14, 2023

This vulnerability in the JetEngine WordPress plugin allows attackers to upload files that can be executed as code, leading to remote code execution. ...
Apr 10, 2023

CVE-2023-0265 is a remote code execution vulnerability in Uvdesk that allows authenticated attackers to execute arbitrary commands on the server by up...
Apr 4, 2023

This vulnerability allows attackers to upload malicious PHP files through CSZ CMS's file upload functionality, leading to remote code execution. It af...
Mar 23, 2023

This vulnerability allows attackers to upload malicious firmware to Netgear Nighthawk RAX30 routers by exploiting a hidden 'forceFWUpdate' parameter t...
Mar 15, 2023

The Auto Featured Image WordPress plugin before version 3.9.16 contains an insecure AJAX endpoint that allows authenticated users with Author privileg...
Mar 13, 2023

This vulnerability allows authenticated users to upload malicious PHP files to AvantFAX servers by bypassing file type validation. Attackers can execu...
Mar 10, 2023

This vulnerability allows attackers to upload malicious files to the Cockpit CMS due to insufficient file type validation. It affects all users runnin...
Mar 10, 2023

This CVE describes a remote code execution vulnerability in phpwcms where attackers can upload malicious files to execute arbitrary code on the server...
Feb 3, 2023

CVE-2022-45968 allows authenticated users with file upload permission to upload arbitrary files to any folder in Alist v3.4.0, including password-prot...
Dec 12, 2022

CVE-2022-34549 is an arbitrary file upload vulnerability in Sims v1.0 that allows attackers to upload malicious files via the /uploadServlet component...
Jul 27, 2022

This vulnerability allows attackers to upload arbitrary PHP files through the Advertising Management module of Feehi CMS. Attackers can achieve remote...
Jul 27, 2022

About Unrestricted File Upload (CWE-434)
The product allows the upload of files with dangerous types that can be automatically processed within the product environment.
Our database tracks 1,476 CVEs classified as CWE-434, with 733 rated critical and 628 rated high severity. The average CVSS score for Unrestricted File Upload vulnerabilities is 8.8.
External reference: CWE-434 on MITRE CWE