CWE-434: Unrestricted File Upload
The product allows the upload of files with dangerous types that can be automatically processed within the product environment.
All Unrestricted File Upload CVEs (1,485)
CVE-2023-50729 is an unrestricted file upload vulnerability in Traccar GPS tracking systems that allows attackers to upload malicious files to arbitra...
Jan 15, 2024

This vulnerability allows attackers to upload arbitrary files to WordPress sites using vulnerable versions of the Slider Revolution plugin. Attackers ...
Dec 20, 2023

This vulnerability allows authenticated admin users in SAP BusinessObjects Business Intelligence Platform (CMC) to upload malicious code that gets exe...
Feb 14, 2023

FNT Command 13.4.0 contains a directory traversal vulnerability (CWE-434) that allows attackers to access files outside the intended directory. This a...
Dec 15, 2025

This vulnerability allows attackers to execute arbitrary code on Eaton BLSS systems by exploiting improper file upload validation. It affects all Eato...
Nov 3, 2025

FlowiseAI version 3.0.7 contains a file upload vulnerability that allows authenticated users to upload arbitrary files without validation. This enable...
Oct 6, 2025

This vulnerability allows authenticated back-end users with file manager access in Contao CMS to upload malicious files and execute arbitrary code on ...
Sep 17, 2024

This vulnerability allows attackers to upload malicious PHP files disguised as images through front-end forms in Statamic CMS. It affects websites usi...
Nov 10, 2023

CVE-2018-25171 is an unauthenticated SQL injection vulnerability in EdTv 2 that allows attackers to execute arbitrary SQL queries through the 'id' par...
Mar 6, 2026

A file upload vulnerability in Motivian Content Management System v41.0.0 allows remote attackers to upload arbitrary files, potentially leading to re...
Jun 4, 2025

The Royal Elementor Addons and Templates WordPress plugin has a vulnerability that allows unauthenticated attackers to upload dangerous file types lik...
May 2, 2024

HCL DRYiCE MyXalytics has an unauthenticated file upload vulnerability that allows attackers to upload malicious files without authentication. This af...
Jan 3, 2024

This vulnerability allows remote attackers to execute arbitrary code on M-Files Web Companion servers by uploading specially crafted files. It affects...
Oct 20, 2023

An authentication bypass vulnerability in PaperCut NG allows unauthenticated remote attackers to upload arbitrary files to the server's storage. This ...
Jul 25, 2023

This vulnerability allows authenticated users to bypass file upload validation in Pimcore by adding a fake GIF signature to malicious files. Attackers...
Feb 3, 2023

CVE-2020-25037 is a command injection vulnerability in UCOPIA Wi-Fi appliances that allows authenticated admin users to escape restricted commands and...
Feb 2, 2021

This vulnerability allows attackers to upload malicious files to Teknoera software, potentially leading to file content injection attacks. It affects ...
Jan 22, 2026

The Redirection for Contact Form 7 WordPress plugin allows unauthenticated attackers to upload arbitrary files to the server due to missing file type ...
Dec 21, 2025

The SureMail WordPress plugin allows unauthenticated attackers to upload malicious PHP files through public forms that email attachments, leading to r...
Dec 2, 2025

The Pie Forms for WP WordPress plugin has an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files like ...
Nov 18, 2025

The Gravity Forms WordPress plugin allows unauthenticated attackers to upload .phar files through its legacy chunked upload mechanism, bypassing file ...
Nov 18, 2025

The Booster for WooCommerce WordPress plugin allows unauthenticated attackers to upload arbitrary files with double extensions due to missing file typ...
Aug 29, 2025

This vulnerability allows authenticated admin users in Grav CMS to upload malicious plugins through the direct-install interface, leading to arbitrary...
Aug 6, 2025

The BerqWP WordPress plugin has an unauthenticated arbitrary file upload vulnerability that allows attackers to upload malicious files to the server. ...
Aug 1, 2025

This vulnerability in Firefox and Thunderbird allows saved files from the Network tab in Devtools to lack the .download extension, potentially causing...
Jun 24, 2025

This vulnerability allows unauthenticated attackers to upload malicious files like .phar extensions to WordPress sites using the Drag and Drop Multipl...
Jun 17, 2025

The eMagicOne Store Manager for WooCommerce WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type valid...
May 24, 2025

An insecure file upload vulnerability in Verydows v2.0 allows remote attackers to upload malicious files and execute arbitrary code on the server. Thi...
Apr 9, 2025

The Booster for WooCommerce WordPress plugin versions 4.0.1 through 7.2.4 contain an arbitrary file upload vulnerability due to missing file type vali...
Apr 4, 2025

The Product Input Fields for WooCommerce WordPress plugin has an arbitrary file upload vulnerability due to insufficient file type validation. Unauthe...
Mar 8, 2025

This vulnerability allows attackers to upload malicious files to affected Schneider Electric devices, potentially rendering them inoperable. The issue...
Feb 13, 2025

An arbitrary file upload vulnerability in JeeWMS allows attackers to upload malicious files that can lead to remote code execution. This affects all J...
Jan 15, 2025

Sage 1000 v7.0.0 contains an unrestricted file upload vulnerability that allows authorized users to upload malicious files without proper validation. ...
Oct 30, 2024

MCMS v5.4.1 has an unauthenticated front-end file upload vulnerability that allows attackers to upload malicious files and execute arbitrary commands ...
Sep 3, 2024

This vulnerability allows unauthenticated attackers to upload malicious files to WordPress sites using the Metform Elementor Contact Form Builder plug...
Aug 17, 2024

CVE-2023-46694 is an arbitrary file upload vulnerability in Vtenext 21.02 that allows authenticated attackers to upload malicious files through the Ck...
May 28, 2024

Phpgurukul Tourism Management System v2.0 contains an unrestricted file upload vulnerability in the admin panel's change-image.php endpoint. Attackers...
Apr 16, 2024

The Piotnet Forms WordPress plugin up to version 1.0.26 allows unauthenticated attackers to upload arbitrary files due to insufficient file type valid...
Jan 11, 2024

This vulnerability allows attackers to upload malicious files to Mobatime web servers through documentary proof upload modules. Attackers can upload w...
Jun 2, 2023

Kiwi TCMS versions before 12.2 allow unrestricted file uploads, enabling attackers to upload malicious files like executables or JavaScript-containing...
Apr 24, 2023

Judging Management System 1.0 contains an arbitrary file upload vulnerability in edit_organizer.php that allows attackers to upload malicious files, p...
Feb 23, 2023

This vulnerability in Ivanti Avalanche allows attackers with access to the Inforail Service to write arbitrary files to the system. This could lead to...
Dec 7, 2021

Machform versions before 16 allow unauthenticated attackers to execute arbitrary code on the server by uploading malicious file attachments through fo...
Jun 29, 2021

This vulnerability allows remote attackers to execute arbitrary PHP code on servers running vulnerable versions of elFinder file manager. Attackers ca...
Jun 13, 2021

This vulnerability in E-POINT CMS allows attackers to upload nested ZIP archives containing executable files like webshells. When extracted, these fil...
Dec 4, 2025

IBM Planning Analytics 2.0 and 2.1 have a file upload vulnerability that allows attackers to upload malicious executable files through the web interfa...
Jan 24, 2025

IBM Planning Analytics 2.0 and 2.1 have a file upload vulnerability in the File Manager T1 process that allows attackers to upload malicious executabl...
Jan 24, 2025

This vulnerability in Optimizely EPiServer CMS Core allows attackers to upload malicious files like .docm and .html due to improper file validation. W...
Jan 4, 2025

IBM Cognos Analytics has a file upload vulnerability that allows attackers to upload malicious executable files through the web interface without prop...
Dec 20, 2024

A vulnerability in Digi ConnectPort LTS devices allows attackers to manipulate file paths during uploads via POST requests, enabling arbitrary file up...
Dec 9, 2024

About Unrestricted File Upload (CWE-434)
Our database tracks 1,485 CVEs classified as CWE-434, with 741 rated critical and 629 rated high severity. The average CVSS score for Unrestricted File Upload vulnerabilities is 8.8.
External reference: CWE-434 on MITRE CWE