CWE-434: Unrestricted File Upload

CVE-2025-1025 is an arbitrary file upload vulnerability in Cockpit CMS where attackers can bypass upload filters using different file extensions. This...

The Advanced File Manager WordPress plugin versions 5.2.12 to 5.2.13 allow authenticated attackers with Subscriber-level access and upload permissions...

The Advanced File Manager WordPress plugin allows authenticated attackers with Subscriber-level access to upload arbitrary files due to missing file t...

The File Manager Pro – Filester WordPress plugin up to version 1.8.6 allows authenticated attackers with Subscriber-level access (and administrator-...

This vulnerability allows attackers to bypass Google Quick Share's file validation by sending duplicate file transfer frames, enabling them to upload ...

The FileOrganizer WordPress plugin allows authenticated users with Subscriber-level access or higher to upload arbitrary files due to missing file typ...

The File Manager Pro WordPress plugin allows unauthenticated attackers to download and upload arbitrary backup files through an AJAX endpoint without ...

The Advanced File Manager WordPress plugin allows authenticated attackers with Subscriber-level access to upload arbitrary files, including .htaccess ...

The AcyMailing WordPress plugin has a vulnerability that allows authenticated users with Subscriber-level access or higher to upload arbitrary files d...

TCPDF versions 6.6.5 and earlier contain a Regular Expression Denial of Service (ReDoS) vulnerability when processing untrusted SVG files. Attackers c...

This vulnerability allows attackers to upload arbitrary files, including malicious scripts, to WordPress sites using the vulnerable Layouts for Elemen...

Greykite v1.0.0 contains an arbitrary file upload vulnerability in the load_obj function that allows attackers to upload malicious pickle files. When ...

This vulnerability in DataEase allows attackers to upload malicious files disguised as images that can steal user cookies when accessed. It affects al...

This vulnerability allows remote attackers to upload arbitrary files via the /admin/plugin.php endpoint in EmlogCMS v6.0.0. Attackers can gain unautho...

SmartBear Zephyr Enterprise versions through 7.15.0 allow unauthenticated users to upload large files without authentication, which can fill up local ...

CVE-2023-25402 is an unrestricted file upload vulnerability in CleverStupidDog yf-exam 1.8.0 that allows attackers to upload arbitrary files without s...

CVE-2021-33615 is an unrestricted file upload vulnerability in RSA Archer 6.8 that allows attackers to upload malicious files to the server. This affe...

CVE-2021-33009 allows unauthenticated remote attackers to upload arbitrary files to the mySCADA myPRO system file system. This affects mySCADA myPRO v...

CVE-2021-37105 is an improper file upload vulnerability in Huawei FusionCompute virtualization software. Attackers can upload malicious files without ...

This vulnerability in Pure-FTPd allows attackers to bypass file size quotas and upload files of unlimited size, potentially causing denial of service ...

This vulnerability allows attackers to upload arbitrary files disguised as firmware updates to ASUS DSL-N14U-B1 routers. When the malicious file uses ...

CVE-2020-26286 is an unrestricted file upload vulnerability in HedgeDoc that allows unauthenticated attackers to upload arbitrary files including HTML...

CVE-2020-15488 is an insecure file upload vulnerability in Re:Desk 2.3 help desk software that allows attackers to upload malicious files without prop...

CVE-2020-25733 is an unrestricted file upload vulnerability in webTareas that allows attackers to upload dangerous .exe and .shtml files. This can lea...

This vulnerability allows attackers to cause a denial of service (DoS) by sending specially crafted input to applications using the .NET implementatio...

This vulnerability allows authenticated users to upload malicious files in edu-sharing's collection preview image upload function. Attackers can uploa...

CVE-2021-43829 is an unrestricted file upload vulnerability in PatrOwl Manager's findings import feature. Attackers can upload malicious files leading...

CVE-2020-7847 is an arbitrary file upload vulnerability in ipTIME NAS devices that allows attackers to upload malicious files through the Manage Bulle...

This vulnerability allows attackers to upload malicious files to Apache OFBiz servers, potentially leading to remote code execution or server compromi...

Computer Laboratory System 1.0 has an unrestricted file upload vulnerability that allows authenticated staff users to upload PHP backdoor files throug...

This vulnerability allows attackers to upload malicious files to Salesforce Tableau Server and traverse directory paths to write files to arbitrary lo...

This critical vulnerability allows remote attackers to upload arbitrary files to the Online Food Ordering System via the /addproduct.php endpoint. Att...

This critical vulnerability in Simple Online Hotel Reservation System 1.0 allows remote attackers to upload arbitrary files via the photo parameter in...

This critical vulnerability in the Magbanua Beach Resort Online Reservation System allows remote attackers to upload arbitrary files via the 'image' p...

This critical vulnerability allows remote attackers to upload arbitrary files to the Pool of Bethesda Online Reservation System via the uploadImage fu...

CVE-2024-5745 is a critical unrestricted file upload vulnerability in itsourcecode Bakery Online Ordering System 1.0. Attackers can remotely upload ma...

This vulnerability allows remote attackers to upload arbitrary files to the Vehicle Management System 1.0 via the /newvehicle.php endpoint. Attackers ...

This critical vulnerability in SourceCodester Student Management System 1.0 allows attackers to upload arbitrary files via the photo parameter in /stu...

This critical vulnerability in SourceCodester SchoolWebTech 1.0 allows attackers to upload arbitrary files via the /improve/home.php endpoint. Attacke...

This critical vulnerability in SourceCodester Online Discussion Forum Site 1.0 allows attackers to upload arbitrary files without restrictions via the...

This critical vulnerability in SourceCodester Prison Management System 1.0 allows remote attackers to upload arbitrary files via the avatar handler in...

This vulnerability allows remote attackers to upload arbitrary files to openBI systems due to insufficient validation in the Icon Handler component. A...

This critical vulnerability in openBI allows attackers to upload arbitrary files without restrictions via the uploadFile function. This affects all op...

This critical vulnerability in Yunyou CMS allows remote attackers to upload arbitrary files without restrictions by manipulating the templateFile para...

An unauthenticated remote attacker can upload arbitrary files and execute commands on Cisco Unity Connection systems via a vulnerable API in the web m...

This critical vulnerability in Likeshop allows attackers to upload arbitrary files without restrictions via the FileServer::userFormImage function. Re...

This critical vulnerability in Weaver E-Office 9.5 allows remote attackers to upload arbitrary files without restrictions via the mobile_upload_save f...

This critical vulnerability in SourceCodester Young Entrepreneur E-Negosyo System 1.0 allows remote attackers to upload arbitrary files via the image ...

This vulnerability allows authenticated users with upload privileges to upload files of any type to the TopEase platform. Attackers can upload malicio...

This vulnerability in LemoCMS 1.8.x allows authenticated users to upload executable files through the upload functionality, bypassing intended file ty...