CWE-434: Unrestricted File Upload

The WP All Import WordPress plugin up to version 3.6.7 contains a vulnerability that allows authenticated attackers with administrator-level permissio...

CVE-2022-31854 is an arbitrary file upload vulnerability in Codoforum v5.1 that allows authenticated administrators to upload malicious files via the ...

Nucleus CMS v3.71 has a file upload vulnerability that allows attackers to bypass .htaccess restrictions and upload malicious files disguised as image...

The Allow svg files WordPress plugin before version 1.1 has improper file upload validation, allowing administrators to upload PHP files even when fil...

This vulnerability allows high-privileged WordPress users (like administrators) to upload malicious ZIP files containing PHP code through the WP SVG I...

CVE-2022-30860 allows remote attackers to execute arbitrary code on FUDforum installations through the file upload feature in the admin control panel....

This vulnerability allows attackers to upload arbitrary PHP files through the Select Image function in Online Food Ordering System v1.0, leading to re...

ShopXO CMS 2.2.0 contains an arbitrary file upload vulnerability in three locations within the management interface. This allows authenticated attacke...

GXCMS V1.5 has a file upload vulnerability in the template management page that allows authenticated attackers to upload malicious PHP files. This can...

This vulnerability allows authenticated administrators in the VikBooking WordPress plugin to upload PHP files disguised as images, potentially leading...

The AGIL WordPress plugin through version 1.0 has an unrestricted file upload vulnerability that allows authenticated administrators to upload arbitra...

This vulnerability allows attackers to upload malicious PHP files through the New Entry module in Car Rental Management System v1.0, leading to remote...

SpringBootMovie versions 1.2 and earlier contain an arbitrary file upload vulnerability due to insufficient filtering of uploaded file suffixes. This ...

The Import WP WordPress plugin before version 2.4.6 contains an arbitrary file upload vulnerability that allows authenticated administrators to upload...

This vulnerability allows WordPress administrators to upload arbitrary files, including PHP scripts, through the One Click Demo Import plugin. It bypa...

This CVE describes a remote code execution vulnerability in baigo CMS v3.0-alpha-2 that allows attackers to upload malicious PHP files and execute arb...

This vulnerability allows remote attackers to execute arbitrary code on HisiPHP 2.0.11 systems through specially crafted packets that bypass access co...

This vulnerability in the MapPress Maps for WordPress plugin allows authenticated administrators to bypass WordPress security settings and upload arbi...

Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability that allows authenticated admin users to uploa...

This CVE describes an unrestricted file upload vulnerability in bbs v5.3 through the QuestionManageAction.java component. Attackers can upload malicio...

This vulnerability allows remote attackers to upload malicious files to bbs 5.3 through the TopicManageAction.java component, potentially leading to a...

This vulnerability allows remote attackers to upload malicious files through the HelpManageAction.java component in bbs 5.3, potentially leading to ar...

CVE-2022-1034 is an unrestricted file upload vulnerability in ShowDoc v2.10.3 that allows attackers to upload malicious files without proper validatio...

This vulnerability allows authenticated admin users in Pluck CMS 4.7.16 to upload malicious theme files through the theme installation functionality, ...

Zenario CMS 9.0.54156 has an unrestricted file upload vulnerability that allows attackers to upload malicious files like web shells. This enables remo...

This vulnerability in the Catch Themes Demo Import WordPress plugin allows high-privilege administrators to upload arbitrary PHP files, leading to rem...

This vulnerability in the All-in-One WP Migration WordPress plugin allows administrators to upload PHP files without proper file extension validation....

CMS Made Simple v2.2.15 contains a remote command execution vulnerability in the upload avatar function. Attackers can execute arbitrary commands on t...

CVE-2022-26149 allows remote authenticated administrators in MODX Revolution to execute arbitrary code by uploading executable files. This occurs beca...

CVE-2022-23043 is an unrestricted file upload vulnerability in Zenario CMS that allows authenticated admin users to bypass file upload restrictions by...

This vulnerability allows authenticated admin users in Exponent CMS to upload malicious ZIP files containing PHP scripts, which are then extracted to ...

CVE-2021-46115 is a remote code execution vulnerability in JPress 4.2.0 that allows authenticated attackers with admin panel access to upload maliciou...

An Unrestricted File Upload vulnerability in Vehicle Service Management System 1.0 allows remote attackers to upload malicious files containing HTML i...

This vulnerability allows authenticated attackers to execute arbitrary code on Sourcecodester E-Negosyo System 1.0 servers. Attackers can upload malic...

This vulnerability allows attackers with administrative privileges in WordPress to upload malicious files through the Catch Themes Demo Import plugin'...

CVE-2021-40188 is an arbitrary file upload vulnerability in PHPFusion's admin panel File Manager that allows attackers to upload malicious PHP files w...

The Simple Schools Staff Directory WordPress plugin through version 1.1 contains an unrestricted file upload vulnerability that allows authenticated a...

CVE-2020-21483 is an arbitrary file upload vulnerability in Jizhicms v1.5 that allows attackers to upload malicious files disguised as .jpg images, wh...

CVE-2020-21481 is an arbitrary file upload vulnerability in RGCMS v1.06 that allows attackers to upload malicious .txt files that can later be renamed...

This vulnerability allows remote attackers to execute arbitrary PHP code on FlatCore-CMS 2.0.7 systems via the upload addon plugin. Attackers can achi...

This vulnerability allows remote attackers to upload arbitrary files to PHPMyWind v5.6 systems via the admin/upload_file_do.php component. Attackers c...

This vulnerability allows authenticated administrators on Pulse Connect Secure appliances to write arbitrary files by uploading a maliciously crafted ...

AikCms v2.0.0 contains an unauthenticated file upload vulnerability in poster_edit.php that allows attackers to upload arbitrary files without validat...

This vulnerability allows authenticated WordPress administrators to upload malicious PHP files through the Business Directory Plugin's import function...

The Event Banner WordPress plugin through version 1.3 has an unrestricted file upload vulnerability that allows authenticated admin users to upload ar...

The College Publisher Import WordPress plugin through version 0.1 allows authenticated administrators to upload arbitrary files including PHP scripts,...

CVE-2021-20022 is a post-authentication arbitrary file upload vulnerability in SonicWall Email Security. An authenticated attacker can upload maliciou...

This vulnerability allows authenticated WordPress administrators to upload arbitrary files, including PHP files, through the Backup Guard plugin's imp...

This vulnerability allows authenticated WordPress administrators to upload arbitrary PHP files disguised as CSV files in the Modern Events Calendar Li...

This vulnerability allows authenticated WordPress administrators to upload arbitrary files, including PHP scripts, through the PowerPress plugin's pod...