CWE-434: Unrestricted File Upload

This vulnerability allows authenticated attackers with administrator-level WordPress access to upload arbitrary files with double extensions, potentia...

The CRM Perks Forms WordPress plugin allows authenticated administrators to upload arbitrary files due to insufficient validation in the 'handle_uploa...

This vulnerability allows attackers to upload malicious files to Webkul Qloapps v1.6.0.0, potentially leading to remote code execution. Any organizati...

The Redux Framework WordPress plugin versions 4.4.12 to 4.4.17 allow unauthenticated attackers to upload JSON files due to missing authorization check...

The Bit Form WordPress plugin allows authenticated attackers with administrator permissions to upload arbitrary files due to missing file type validat...

This vulnerability in CHANGING Mobile One Time Password allows remote attackers with administrator privileges to upload malicious files through a hidd...

This vulnerability in ASUS Download Master allows authenticated administrators to upload arbitrary files to any location on the system due to improper...

This vulnerability allows high-privilege attackers to upload malicious files to Adobe Commerce systems, potentially leading to arbitrary code executio...

This vulnerability allows authenticated privileged users in Ivanti Avalanche to upload arbitrary files, leading to remote code execution with SYSTEM p...

This vulnerability in Triangle MicroWorks SCADA Data Gateway allows authenticated remote attackers to bypass authentication and upload arbitrary files...

CVE-2020-22539 is an arbitrary file upload vulnerability in Codoforum v4.9's Add Category function, allowing attackers to upload malicious files that ...

This vulnerability allows attackers to upload arbitrary files to WordPress sites running the Moove Agency Import XML and RSS Feeds plugin. Attackers c...

The BookingPress WordPress plugin allows authenticated administrators to upload arbitrary files due to insufficient filename validation. This vulnerab...

This vulnerability allows attackers to upload arbitrary files to WordPress sites using the Theme Editor plugin. It affects all WordPress installations...

This vulnerability allows authenticated WordPress users to upload arbitrary files, including malicious scripts, to affected websites. It affects the T...

This vulnerability in phpMyFAQ allows attackers to upload malicious PHP files by manipulating Content-type and lang parameters during category image u...

This vulnerability allows attackers to upload arbitrary files to WordPress sites using the Icons Font Loader plugin. It affects all WordPress installa...

CVE-2024-22426 is an unauthenticated remote OS command injection vulnerability in Dell RecoverPoint for Virtual Machines. An attacker can execute arbi...

The EditorsKit WordPress plugin has an arbitrary file upload vulnerability in versions up to 1.40.3. Authenticated attackers with administrator privil...

This vulnerability allows authenticated attackers to upload malicious .phtml files to Schlix CMS, leading to remote code execution and potential data ...

CVE-2024-24399 is an arbitrary file upload vulnerability in LEPTON CMS v7.0.0 that allows authenticated attackers to upload PHP files to the languages...

The Theme Demo Import WordPress plugin before version 1.1.1 contains an unrestricted file upload vulnerability. High-privilege users (administrators) ...

This vulnerability in PMB v7.4.8 allows remote attackers to upload malicious PHP files through the start_import.php endpoint, leading to arbitrary cod...

The Export and Import Users and Customers WordPress plugin up to version 2.4.8 has insufficient file type validation in the upload_import_file functio...

This vulnerability allows high-privileged WordPress users (like administrators) to upload arbitrary files including web shells to the server through t...

This vulnerability allows attackers who steal the AdminToken cookie to upload malicious crontab files to GL.iNet devices, leading to arbitrary code ex...

The E2Pdf WordPress plugin has an arbitrary file upload vulnerability in versions up to 1.20.25 due to insufficient file type validation. This allows ...

The BookingPress WordPress plugin up to version 1.0.76 contains an arbitrary file upload vulnerability in the 'bookingpress_process_upload' function d...

CVE-2023-46004 is an arbitrary file upload vulnerability in Sourcecodester Best Courier Management System 1.0 that allows attackers to upload maliciou...

This vulnerability allows remote authenticated attackers to execute arbitrary commands on IBM Security Verify Privilege On-Premises systems by sending...

This vulnerability in Welcart e-Commerce allows users with editor or higher privileges to upload arbitrary files to unauthorized directories. This cou...

This vulnerability in SiberianCMS allows administrators to upload dangerous file types without proper validation. Attackers with admin access could up...

This vulnerability allows remote attackers to execute arbitrary code on PerfreeBlog installations by uploading malicious plugin files through the admi...

This vulnerability allows remote attackers to upload malicious PHP files to an Online Travel Agency System v1.0 via the employee_insert.php endpoint. ...

This vulnerability allows attackers to upload arbitrary PHP files to WBCE CMS through the /languages/install.php component, leading to remote code exe...

This vulnerability allows authenticated attackers to upload arbitrary files to Veritas InfoScale Operations Manager servers, which can then be execute...

CVE-2023-3692 is an unrestricted file upload vulnerability in Admidio that allows attackers to upload malicious files to the server. This affects Admi...

This vulnerability in WL-WN531AX2 routers allows attackers with administrative access to upload arbitrary files and execute operating system commands ...

CVE-2023-34736 is an arbitrary file upload vulnerability in Guantang Equipment Management System version 4.12 that allows attackers to upload maliciou...

This vulnerability allows remote attackers to upload malicious files through the theme.php file in Pluck CMS, potentially leading to arbitrary code ex...

CVE-2023-33569 allows remote attackers to execute arbitrary code on Faculty Evaluation System v1.0 installations via the ip/eval/ajax.php?action=updat...

The ZYREX POPUP WordPress plugin through version 1.0 allows administrators to upload arbitrary files without proper validation, bypassing file system ...

This vulnerability allows attackers to bypass Drupal's filename sanitization when .htaccess files are explicitly allowed for upload, potentially leadi...

This vulnerability allows remote authenticated attackers with high privileges to execute arbitrary commands on Meinberg LTOS systems by exploiting imp...

This vulnerability allows attackers with administrator permissions to upload malicious files disguised as images, leading to remote code execution on ...

This vulnerability allows attackers to upload arbitrary PHP files to the Dynamic Transaction Queuing System v1.0 through the /admin/ajax.php endpoint....

Pluck CMS has an authenticated remote code execution vulnerability in its albums module. Attackers with administrator credentials can upload malicious...

This vulnerability allows attackers to upload malicious .phtml files to Jizhicms administration panels, leading to remote code execution. Any organiza...

CVE-2022-40924 is an arbitrary file upload vulnerability in Zoo Management System v1.0 that allows attackers to upload malicious files through the ani...

Barangay Management System v1.0 contains an arbitrary file upload vulnerability in the resident module editing function. Attackers can upload maliciou...