CWE-434: Unrestricted File Upload

CVE-2021-20022 is a post-authentication arbitrary file upload vulnerability in SonicWall Email Security. An authenticated attacker can upload maliciou...

This vulnerability allows authenticated WordPress administrators to upload arbitrary files, including PHP files, through the Backup Guard plugin's imp...

This vulnerability allows authenticated WordPress administrators to upload arbitrary PHP files disguised as CSV files in the Modern Events Calendar Li...

This vulnerability allows authenticated WordPress administrators to upload arbitrary files, including PHP scripts, through the PowerPress plugin's pod...

Zenphoto CMS versions through 1.5.7 allow authenticated administrators to upload arbitrary files, including PHP web shells, leading to remote code exe...

Feehi CMS 2.1.0 contains an arbitrary file upload vulnerability that allows authenticated administrators to upload malicious files. This can lead to r...

This vulnerability in Jaws CMS allows authenticated administrators to upload and execute arbitrary PHP files, leading to remote code execution. It aff...

This vulnerability allows an authenticated admin user in Pluck CMS to bypass file upload restrictions, potentially uploading malicious files that coul...

CVE-2020-28072 is a remote code execution vulnerability in DourceCodester Alumni Management System 1.0. Authenticated attackers can upload malicious f...

CVE-2020-23520 is an authenticated file upload vulnerability in imcat 5.2 that allows attackers to upload malicious files and achieve remote code exec...

OpenClinic version 0.8.2 contains an insecure file upload vulnerability in medical/test_new.php that allows authenticated users with substantial privi...

This vulnerability allows unauthenticated attackers to upload arbitrary files to OutSystems Platform 10 instances. It affects organizations using OutS...

This vulnerability in Gila CMS 1.16.0 allows attackers to upload malicious PHP shell files to the temporary directory and execute them by abusing the ...

This vulnerability allows authenticated administrators in SAP NetWeaver AS JAVA to upload malicious files that enable remote code execution. Attackers...

This vulnerability allows authenticated attackers to execute arbitrary code on Pulse Connect Secure VPN appliances by exploiting uncontrolled gzip ext...

This vulnerability allows authenticated administrators in Cisco Unified Contact Center Express to upload malicious files that execute arbitrary operat...

Typesetter CMS 5.x through 5.1 allows authenticated administrators to upload ZIP archives containing PHP files, which can then be executed on the serv...

CVE-2020-25287 is an arbitrary file write vulnerability in Pligg CMS that allows authenticated users to edit any file on the server through template e...

This vulnerability allows authenticated attackers to upload PHP files through Concrete5's File Manager by modifying site configuration. Successful exp...

This vulnerability allows an authenticated admin user in Zoho ManageEngine Applications Manager to upload a malicious JAR file to a specific location,...

This vulnerability allows authenticated WordPress administrators to upload arbitrary files through the Autoptimize plugin's AJAX interface, bypassing ...

This vulnerability allows authenticated administrators in flatCore CMS to upload and execute arbitrary PHP files, leading to remote code execution. It...

This vulnerability allows authenticated users with publication target creation/access privileges to upload and persist files that could be executed. I...

CVE-2024-25636 is a content-type validation vulnerability in Misskey that allows account takeover through ActivityPub protocol exploitation. Attackers...

A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to upload malicious PDF files that can execute arbitrary code on the server. Th...

This vulnerability allows physical attackers to execute arbitrary commands as root on Alaga Home Security WiFi Camera 3K devices by placing a speciall...

This vulnerability allows system administrators in Mattermost to upload non-attachment file types via shared channels, potentially placing files in ar...

IBM Analytics Content Hub versions 2.0-2.3 have a file upload vulnerability that allows attackers to upload malicious executable files. This could ena...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to upload .css and .js files to arbitrary directories w...

An arbitrary file upload vulnerability in WSO2 products allows authenticated admin users to upload malicious files to server locations they control, p...

This CVE describes a file upload vulnerability in ABB's ASPECT, NEXUS, and MATRIX series products that allows attackers to upload malicious files if t...

This vulnerability allows attackers to upload and execute malicious PHP scripts in ASPECT systems if they obtain administrator credentials. It affects...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the WP-Advanced-Search plugin. Attac...

This vulnerability allows attackers to upload arbitrary files, including web shells, to Appointify WordPress plugin servers. It affects all Appointify...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the vulnerable Custom Icons for Elem...

This vulnerability in Tarot, Astro & Healing v11.4.0 allows attackers to overwrite arbitrary files during the import process. Attackers could potentia...

This vulnerability allows non-administrative users to upload malicious files that can execute arbitrary scripts in administrators' browsers when acces...

This vulnerability allows authenticated administrators on Cisco Unified CCX systems to upload and execute arbitrary files through the web UI, potentia...

This vulnerability allows authenticated administrators in Cisco Unified CCX to upload and execute arbitrary files via the web UI, leading to remote co...

This vulnerability allows unauthenticated remote users (including guest users) to upload malicious files to Liferay Portal/DXP systems by bypassing fi...

PowerCMS versions before 6.7.1, 5.3.1, and 4.6.1 allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file up...

This vulnerability allows attackers to upload malicious PHP or HTML files through the login page logo upload function in Process Maker's pm4core-docke...

An authenticated attacker can upload malicious files to the SAP Document Builder service, which when accessed by a victim allows the attacker to acces...

This vulnerability allows authenticated users to upload malicious image files that can cause a denial-of-service condition. It affects industrial cont...

This vulnerability allows cross-site scripting (XSS) attacks via malicious SVG profile picture uploads in Agora Foundation's Agora software. Attackers...

This vulnerability allows authenticated users to upload arbitrary files (like .html or .svg) through the /edit-user endpoint in OpenPLC Runtime. These...

This CVE describes a file upload vulnerability in HCL Unica 12.0.0 that allows attackers to upload malicious files to the server. The vulnerability af...

This vulnerability allows attackers to upload arbitrary files through a specific endpoint, potentially leading to remote code execution and system com...

This CVE describes a file writing vulnerability in certain Honor products that could allow attackers to write arbitrary files to the system. If exploi...

This critical vulnerability in SourceCodester Attendance and Payroll System 1.0 allows remote attackers to upload arbitrary files via the /marimar/gue...