CWE-434: Unrestricted File Upload

This vulnerability allows attackers to upload arbitrary PHP files through the Advertising Management module of Feehi CMS. Attackers can achieve remote...

Arox School ERP Pro v1.0 contains multiple arbitrary file upload vulnerabilities that allow attackers to upload malicious files to the server. This af...

Microweber 1.1.3 has an arbitrary file upload vulnerability that allows attackers to upload malicious files disguised as pictures, potentially leading...

An unrestricted file upload vulnerability in Strapi 4.1.12 allows authenticated users with upload permissions to upload PDF files containing JavaScrip...

CVE-2015-1784 is an arbitrary file upload vulnerability in the NextGEN Gallery WordPress plugin that allows attackers to upload malicious files and ex...

The User Photo WordPress plugin version 0.9.4 has insufficient file upload validation, allowing attackers to upload malicious PHP files disguised as i...

CVE-2022-2111 is an unrestricted file upload vulnerability in InvenTree inventory management software that allows attackers to upload malicious files ...

CVE-2022-30820 is an arbitrary file upload vulnerability in Wedding Management v1.0 that allows attackers to upload malicious files through the pictur...

Wedding Management System v1.0 contains an arbitrary file upload vulnerability in the users_profile.php picture upload function. This allows attackers...

CVE-2022-29624 is an arbitrary file upload vulnerability in TPCMS v3.2 that allows attackers to upload malicious PHP files through the Add File functi...

The Advanced Uploader WordPress plugin through version 4.2 contains an unrestricted file upload vulnerability that allows any authenticated user (incl...

The SP Project & Document Manager WordPress plugin before version 4.24 contains an insufficient file extension validation vulnerability on Windows ser...

This vulnerability in the Elementor Website Builder plugin for WordPress allows authenticated attackers to execute unauthorized AJAX actions due to mi...

This vulnerability allows unauthenticated attackers to upload malicious PHP files to BigAnt Office Messenger servers via the im_webserver component. A...

Online Project Time Management System v1.0 contains an arbitrary file write vulnerability that allows attackers to upload crafted HTML files and achie...

This vulnerability allows attackers to upload arbitrary files including webshells via the product image upload feature in Ecommerce-Website v1.1.0. At...

Car Rental System v1.0 contains an arbitrary file upload vulnerability in the Add Car component that allows attackers to upload malicious files like w...

This vulnerability allows authenticated remote attackers to upload malicious ASPX files to IdeaRE RefTree web servers, leading to remote code executio...

The Amelia WordPress plugin before version 1.0.47 allows authenticated users with the 'Amelia Manager' role to upload files with arbitrary extensions,...

This vulnerability allows remote attackers to upload malicious web shell scripts through the file manager in Croogo CMS, leading to remote code execut...

An authenticated attacker with low privileges can upload malicious files disguised as MP3s to execute arbitrary code on Quicklert for Digium servers. ...

Extensis Portfolio v4.0 contains an authenticated unrestricted file upload vulnerability in the Catalog Asset Upload function. This allows authenticat...

Extensis Portfolio v4.0 contains an authenticated unrestricted file upload vulnerability in the AdminFileTransferServlet component. This allows authen...

CVE-2022-25360 allows authenticated remote attackers with unprivileged credentials to upload files to arbitrary locations on WatchGuard Firebox and XT...

WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability where attackers can upload malicious files through the image upload f...

This vulnerability allows remote attackers to execute arbitrary commands on Voipmonitor GUI systems by uploading a malicious file to the web root. Att...

CVE-2021-46113 is a remote code execution vulnerability in KEA-Hotel-ERP open source software that allows attackers to upload malicious PHP files thro...

This vulnerability in ownCloud's files_antivirus component allows malicious files uploaded to public shares to persist even after antivirus detection....

CVE-2021-34995 is an authentication bypass vulnerability in Commvault CommCell that allows authenticated attackers to upload arbitrary files and execu...

This vulnerability allows authenticated remote attackers to bypass authentication mechanisms and upload arbitrary files to Commvault CommCell installa...

This vulnerability allows authenticated remote attackers to upload arbitrary files to SysAid ITIL servers via the /UploadPsIcon.jsp endpoint. Successf...

This vulnerability allows unauthenticated attackers to upload malicious PHP files to the Vehicle Service Management System 1.0, leading to remote code...

CVE-2021-36719 is an unrestricted file upload vulnerability in PineApp Mail Secure's nicUpload.php file that allows authenticated attackers to upload ...

This vulnerability allows remote attackers to upload malicious scripts and execute arbitrary code on Grand Vice info Co. webopac7 systems. Attackers w...

This vulnerability allows authenticated users to execute arbitrary code on Pentaho servers by exploiting BeanShell script inclusion in report (.prpt) ...

This vulnerability allows remote attackers to upload arbitrary PHP files through the account update and customer creation features in Sourcecodester C...

Tran Tu Air Sender v1.0.2 contains an arbitrary file upload vulnerability in its upload module that allows attackers to upload malicious files and exe...

SuiteCRM versions before 7.11.19 allow remote code execution via the Log File Name setting in system settings. Attackers who compromise admin accounts...

CVE-2021-3846 is an unrestricted file upload vulnerability in Firefly III personal finance software that allows attackers to upload dangerous file typ...

CVE-2021-41919 is an unrestricted file upload vulnerability in webTareas that allows authenticated users to upload dangerous files via the profile pic...

This vulnerability allows authenticated users with business authorization in SAP Business One to upload arbitrary files, including malicious scripts, ...

This vulnerability allows attackers to upload arbitrary HTML files to the ZKEACMS admin media upload endpoint, which can lead to remote code execution...

This vulnerability in the WordPress Simple Ecommerce Shopping Cart Plugin allows administrators to upload arbitrary files, including PHP files, withou...

This vulnerability allows authenticated users in IBM OpenPages with Watson to upload malicious files that can execute arbitrary code on the server. It...

This vulnerability allows authenticated users in Sitecore to upload arbitrary files, including malicious .aspx files, leading to remote code execution...

This vulnerability allows authenticated attackers to upload arbitrary files to Trend Micro security products due to improper input validation. Attacke...

CVE-2021-36121 is an unrestricted file upload vulnerability in Echo ShareCare 8.15.5 that allows authenticated users to upload arbitrary files to arbi...

CVE-2021-28931 is an arbitrary file upload vulnerability in Fork CMS that allows attackers to upload malicious zip files to the Themes panel, enabling...

This vulnerability allows authenticated users to upload and execute malicious PHAR archives in CiviCRM, potentially leading to remote code execution. ...

CVE-2021-32243 is an authenticated file upload vulnerability in FOGProject that allows remote code execution. Attackers with valid credentials can upl...