CWE-434: Unrestricted File Upload

CVE-2021-36121 is an unrestricted file upload vulnerability in Echo ShareCare 8.15.5 that allows authenticated users to upload arbitrary files to arbi...

CVE-2021-28931 is an arbitrary file upload vulnerability in Fork CMS that allows attackers to upload malicious zip files to the Themes panel, enabling...

This vulnerability allows authenticated users to upload and execute malicious PHAR archives in CiviCRM, potentially leading to remote code execution. ...

CVE-2021-32243 is an authenticated file upload vulnerability in FOGProject that allows remote code execution. Attackers with valid credentials can upl...

This vulnerability allows non-administrative users to upload malicious files to the ZOLL Defibrillator Dashboard web application, potentially enabling...

CVE-2021-34128 is an arbitrary file upload vulnerability in LaikeTui e-commerce software that allows authenticated attackers to upload ZIP archives co...

This vulnerability allows remote authenticated users to upload and execute arbitrary JSP files via the view_edit.shtm endpoint in ScadaBR. This leads ...

CVE-2020-36141 is an unrestricted file upload vulnerability in BloofoxCMS that allows attackers to bypass MIME type validation by inserting 'image/jpe...

This vulnerability allows remote authenticated users to upload malicious files to Synology Photo Station, which can lead to arbitrary code execution. ...

This vulnerability allows any authenticated WordPress user to upload arbitrary files via the wp_ajax_upload-remote-file AJAX action in the External Me...

CVE-2020-26678 is a remote code execution vulnerability in vFairs 3.3 that allows authenticated users to upload malicious PHP files via profile pictur...

CVE-2021-32094 allows authenticated users to upload arbitrary files to NSA Emissary workflow application. This could lead to remote code execution or ...

This vulnerability in the Easy Form Builder WordPress plugin allows authenticated users with low privileges to upload arbitrary files without security...

This vulnerability in Vesta Control Panel allows attackers to upload files from different origins due to improper access controls in the upload handle...

CVE-2021-27513 is an arbitrary file upload vulnerability in the admin_ITSM module of EyesOfNetwork 5.3-10 that allows authenticated attackers to uploa...

CVE-2021-3164 allows authenticated users in ChurchRota to upload and execute arbitrary files via a POST request to resources.php, even without file up...

CVE-2020-24549 is an unrestricted file upload vulnerability in openMAINT that allows authenticated users to upload arbitrary JSP files to the web serv...

CVE-2020-19364 is an unrestricted file upload vulnerability in OpenEMR that allows authenticated attackers to upload and execute malicious PHP scripts...

This vulnerability in Ultimate WooCommerce Gift Cards allows attackers to upload malicious PHP files disguised as images, leading to remote code execu...

CVE-2020-27397 is an authenticated file upload vulnerability in Marital - Online Matrimonial Project in PHP version 1.0 that allows attackers to uploa...

This vulnerability allows attackers to bypass client-side file upload restrictions in tangro Business Workflow, enabling them to upload any file type ...

This vulnerability allows authenticated remote attackers to upload arbitrary files to EcoStruxure Building Operation WebReports servers, potentially l...

This vulnerability allows remote attackers to upload arbitrary files through the edit profile functionality in ARTWORKS GALLERY software. Attackers ca...

This vulnerability allows authenticated attackers to upload malicious PHP files disguised as themes via zip archives in HorizontCMS. Once uploaded, th...

This vulnerability allows authenticated attackers to upload malicious files through Sentrifugo's announcement attachment feature, potentially leading ...

This vulnerability in SuiteCRM allows remote code execution by manipulating the Log File Name setting to point to an attacker-controlled PHP file. It ...

CVE-2020-12715 is an incorrect access control vulnerability in RainbowFish PacsOne Server 6.8.4 that allows unauthenticated attackers to bypass authen...

Pluck CMS 4.7.10-dev2 and 4.7.11 contain a file upload vulnerability in the admin.php?action=files endpoint that allows authenticated attackers to upl...

This vulnerability allows authenticated remote attackers to upload malicious files to IBM Data Risk Manager (iDNA) due to improper file extension vali...

This vulnerability allows authenticated users in vtecrm vtenext 19 CE to upload malicious .pht files, which can lead to remote code execution on the s...

This vulnerability in Marvell QConvergeConsole allows authenticated remote attackers to bypass authentication and execute arbitrary code with SYSTEM p...

Tandoor Recipes versions before 1.5.28 contain an unrestricted file upload vulnerability that allows attackers to upload malicious HTML and SVG files ...

This vulnerability allows authenticated attackers to bypass file type validation in SAP BusinessObjects Business Intelligence Platform's Web Intellige...

Moss versions before 0.15 have an unrestricted file upload vulnerability that allows attackers to upload arbitrary files to any location on the server...

This vulnerability allows attackers to upload malicious PHP files disguised as images to the Web-based Pharmacy Product Management System v1.0. By mod...

This vulnerability allows unauthenticated attackers to upload arbitrary files with any extension to TYPO3 CMS servers. It affects TYPO3 installations ...

This vulnerability allows unauthenticated remote attackers to upload arbitrarily large files to specific folders on Cisco ASA and Firepower Threat Def...

This vulnerability allows authenticated GLPI users to upload and execute arbitrary PHP files on the server, leading to remote code execution. It affec...

This vulnerability in IBM Security Guardium Key Lifecycle Manager allows attackers to upload dangerous file types that can be automatically processed ...

CVE-2021-39154 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input s...

CVE-2021-39146 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input s...

CVE-2021-39148 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input s...

CVE-2021-39151 is a remote code execution vulnerability in XStream library versions before 1.4.18. Attackers can manipulate XML input to execute arbit...

CVE-2021-39139 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input s...

An arbitrary file upload vulnerability in WSO2 products allows authenticated administrators to upload malicious files to user-controlled locations via...

This vulnerability allows reflected cross-site scripting (XSS) in Centreon web interface via malicious SVG file uploads. An authenticated user with el...

This vulnerability in Draytek routers allows attackers to upload malicious APP Enforcement modules, leading to arbitrary code execution with root priv...

CVE-2023-50729 is an unrestricted file upload vulnerability in Traccar GPS tracking systems that allows attackers to upload malicious files to arbitra...

This vulnerability allows attackers to upload arbitrary files to WordPress sites using vulnerable versions of the Slider Revolution plugin. Attackers ...

This vulnerability allows authenticated admin users in SAP BusinessObjects Business Intelligence Platform (CMC) to upload malicious code that gets exe...