CWE-434: Unrestricted File Upload
The product allows the upload of files with dangerous types that can be automatically processed within the product environment.
All Unrestricted File Upload CVEs (1,485)
This vulnerability in IBM Cognos Controller allows attackers to upload malicious executable files through the web interface due to insufficient file v... (Dec 3, 2024)
This vulnerability allows attackers to upload malicious files to WordPress sites using the Bit Form plugin, potentially leading to code execution. It ... (Oct 5, 2024)
This CVE describes a file upload vulnerability in CubeCart e-commerce software that allows authenticated users to upload malicious .phar files, leadin... (Apr 29, 2024)
This vulnerability allows attackers to upload arbitrary files to WordPress sites using the WebToffee Order Export & Order Import for WooCommerce plugi... (Jan 24, 2024)
This vulnerability allows authenticated users to upload files to arbitrary locations on the server filesystem through the 'Upload Resource' functional... (Jun 7, 2023)
CVE-2022-2420 is a critical unrestricted file upload vulnerability in URVE Web Manager's uploader.php file. Attackers on the local network can upload ... (Jul 15, 2022)
CVE-2022-2418 is a critical unrestricted file upload vulnerability in URVE Web Manager's img_upload.php component. Attackers with network access can u... (Jul 15, 2022)
This vulnerability allows attackers to upload malicious files to the truDesk helpdesk software due to insufficient file type validation. Attackers cou... (May 21, 2022)
CVE-2021-39040 is an unrestricted file upload vulnerability in IBM Planning Analytics Workspace 2.0 that allows attackers to upload malicious executab... (Apr 25, 2022)
Eaton Intelligent Power Manager (IPM) versions before 1.69 allow authenticated attackers to upload arbitrary files, including malicious NodeJS code, v... (Apr 13, 2021)
CVE-2020-4955 is a remote code execution vulnerability in IBM Spectrum Protect Operations Center that allows attackers to execute arbitrary code with ... (Feb 15, 2021)
This vulnerability allows authenticated attackers to upload arbitrary files to IBM Spectrum Protect Plus Administrative Console, potentially leading t... (Sep 15, 2020)
This vulnerability allows remote unauthenticated attackers to execute arbitrary code on Ivanti Endpoint Manager (EPM) systems by exploiting insufficie... (Jan 14, 2025)
Adobe Framemaker versions 2020.6, 2022.4 and earlier contain an unrestricted file upload vulnerability (CWE-434) that could allow arbitrary code execu... (Oct 9, 2024)
CVE-2024-45136 is an unrestricted file upload vulnerability in Adobe InCopy that allows attackers to upload malicious files which could lead to arbitr... (Oct 9, 2024)
This vulnerability allows a local attacker to upload malicious .mp3 files containing XSS payloads to October CMS, which can then execute arbitrary Jav... (Feb 8, 2024)
This vulnerability in Expense Management System v1.0 allows a local attacker to upload a malicious file to the sign-up.php component, leading to arbit... (Oct 17, 2023)
An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to upload malicious SVG files as user profile avatars, w... (Oct 4, 2023)
This vulnerability allows attackers to escalate privileges on macOS systems by exploiting an XPC misconfiguration in CoreCode MacUpdater. Attackers ca... (Sep 20, 2023)
CVE-2023-43619 is a vulnerability in Croc file transfer software that allows a malicious sender to transfer dangerous files to a receiver, potentially... (Sep 20, 2023)
This vulnerability allows attackers to upload malicious image files to Uvdesk 1.1.3, which can lead to remote code execution on the server. Any organi... (Aug 1, 2023)
Firefox and Thunderbird failed to warn users when opening Diagcab files, which could contain malicious code. This vulnerability allows attackers to ex... (Jul 5, 2023)
CVE-2021-27280 is an OS command injection vulnerability in mblog 3.5.0 that allows attackers to execute arbitrary system commands by uploading a malic... (May 8, 2023)
CVE-2022-29637 is an arbitrary file upload vulnerability in Mindoc documentation software that allows attackers to upload malicious Zip files containi... (May 26, 2022)
CVE-2022-29623 is an arbitrary file upload vulnerability in Express Connect-Multiparty 2.2.0 that allows attackers to upload malicious PDF files, pote... (May 16, 2022)
CVE-2022-22392 is an unrestricted file upload vulnerability in IBM Planning Analytics Local 2.0 that allows attackers to upload arbitrary executable f... (Apr 25, 2022)
This vulnerability allows attackers to upload arbitrary PHP files to ShopXO v1.9.0 through the PluginsUpload function, leading to remote code executio... (Mar 20, 2022)
Classcms v2.5 and below contains an arbitrary file upload vulnerability in the classupload component. Attackers can upload crafted .txt files to execu... (Mar 18, 2022)
This vulnerability allows remote attackers to execute arbitrary code on Home Owners Collection Management System v1.0 by uploading a specially crafted... (Mar 2, 2022)
CVE-2022-0409 is an unrestricted file upload vulnerability in showdoc documentation software that allows attackers to upload dangerous file types. Thi... (Feb 19, 2022)
This vulnerability allows attackers to upload malicious files to Pimcore systems due to insufficient file type validation. It affects all Pimcore inst... (Jan 18, 2022)
KiteCMS V1.1 contains an arbitrary file upload vulnerability in the /admin/upload/uploadfile endpoint that allows attackers to upload malicious PHP fi... (Sep 13, 2021)
This vulnerability allows attackers to upload arbitrary files to hdcms 5.7 via the /fileupload.php endpoint, potentially leading to remote code execut... (Aug 3, 2021)
CVE-2020-7864 is an authentication bypass vulnerability in Raonwiz DEXT5Editor that allows attackers to upload and execute arbitrary files through par... (Jun 15, 2021)
This vulnerability allows remote attackers to execute arbitrary code on affected systems by uploading a malicious SSD file. It affects EcoStruxure Pow... (Jan 26, 2021)
This vulnerability in PNotes.NET allows a local attacker to upload malicious executable files through the 'External Programs' feature, leading to arbi... (Aug 14, 2020)
CMS Made Simple 2.2.14 allows authenticated users to upload malicious .ptar files through the File Manager, potentially leading to arbitrary code exec... (Aug 14, 2020)
This vulnerability allows attackers to upload malicious files to web servers running Innorix WP, potentially leading to remote code execution. All ver... (Dec 29, 2025)
CVE-2024-37179 is an unrestricted file download vulnerability in SAP BusinessObjects Business Intelligence Platform. Authenticated attackers can explo... (Oct 8, 2024)
A local file upload vulnerability in Byzro Network Smart s42 Management Platform allows attackers to upload malicious files and execute arbitrary code... (Mar 7, 2024)
PerfreeBlog v4.0.11 contains an arbitrary file upload vulnerability in the installPlugin function that allows attackers to upload malicious files. Thi... (Oct 24, 2025)
LinkAce versions before 1.15.6 contain a file upload vulnerability in the 'Import Bookmarks' feature that allows attackers to upload malicious HTML fi... (Dec 27, 2024)
This vulnerability allows attackers to upload PHP files to Pandora FMS servers without proper restrictions, enabling remote code execution. It affects... (Nov 23, 2023)
The Modula Image Gallery WordPress plugin versions 2.13.1 to 2.13.2 contain a vulnerability that allows authenticated attackers with Author-level perm... (Dec 3, 2025)
CVE-2025-65844 is an unauthenticated arbitrary file upload vulnerability in EverShop 2.0.1 that allows attackers to upload any file type and create di... (Dec 2, 2025)
An arbitrary file upload vulnerability in Lenovo Scanner Pro client allows attackers to upload malicious files that could lead to remote code executio... (Nov 12, 2025)
This vulnerability in Audi UTR 2.0 Universal Traffic Recorder allows attackers to overwrite arbitrary files on the system by sending a specially craft... (Sep 12, 2025)
The WP Import Export Lite WordPress plugin allows authenticated users with Subscriber-level access or higher to upload arbitrary files due to missing ... (Aug 5, 2025)
This vulnerability allows unauthenticated attackers to upload arbitrary WAV files to affected Mitel SIP phones due to missing authentication mechanism... (Jul 23, 2025)
This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to upload arbitrary files to the server due to missing ... (Jun 24, 2025)
About Unrestricted File Upload (CWE-434)
Our database tracks 1,485 CVEs classified as CWE-434, with 741 rated critical and 629 rated high severity. The average CVSS score for Unrestricted File Upload vulnerabilities is 8.8.
External reference: View CWE-434 on MITRE CWE →