CWE-434: Unrestricted File Upload

This CVE describes a file writing vulnerability in certain Honor products that could allow attackers to write arbitrary files to the system. If exploi...

This critical vulnerability in SourceCodester Attendance and Payroll System 1.0 allows remote attackers to upload arbitrary files via the /marimar/gue...

This critical vulnerability in SourceCodester Online Hotel Reservation System 1.0 allows attackers to upload arbitrary files without restrictions via ...

This critical vulnerability in ZZCMS 2023 allows remote attackers to upload arbitrary files without restrictions via the Ebak_SetGotoPak function. Att...

This critical vulnerability in PHPGurukul Boat Booking System 1.0 allows remote attackers to upload arbitrary files via the change-image.php component...

This critical vulnerability in SourceCodester Petshop Management System 1.0 allows attackers to upload arbitrary files via the /controllers/add_client...

This critical vulnerability in HFO4 shudong-share 2.4.7 allows remote attackers to upload arbitrary files without restrictions via the /includes/fileR...

This critical vulnerability in FeehiCMS allows remote attackers to upload arbitrary files without restrictions via the FriendlyLink[image] parameter. ...

This vulnerability allows remote attackers to upload arbitrary files to the SourceCodester E-Commerce System 1.0 via the photo parameter in the admin ...

This critical vulnerability in itsourcecode Laravel Property Management System 1.0 allows remote attackers to upload arbitrary files without restricti...

This critical vulnerability in itsourcecode Laravel Property Management System 1.0 allows remote attackers to upload arbitrary files without restricti...

This critical vulnerability in DedeBIZ 6.3.0 allows remote attackers to upload arbitrary files without restrictions via the get_mime_type function in ...

This critical vulnerability in DedeBIZ 6.3.0 allows remote attackers to upload arbitrary files without restrictions via the admin/file_manage_control....

This vulnerability allows remote attackers to upload arbitrary files to the Tailoring Management System 1.0 via the /setlogo.php endpoint. Attackers c...

CVE-2024-7500 is a critical unrestricted file upload vulnerability in itsourcecode Airline Reservation System 1.0. Attackers can remotely upload malic...

This vulnerability allows remote attackers to upload arbitrary files to the Placement Management System 1.0 via the /resume_upload.php endpoint. Attac...

This critical vulnerability in YouDianCMS 7 allows remote attackers to upload arbitrary files without restrictions via the /Public/ckeditor/plugins/mu...

This critical vulnerability in itsourcecode Online Food Ordering System 1.0 allows attackers to upload arbitrary files via the 'photo' parameter in ed...

This critical vulnerability in Gargaj wuhu's Slide Editor component allows remote attackers to upload arbitrary files via the newSlideFile parameter i...

This critical vulnerability in SourceCodester Online Student Management System 1.0 allows attackers to upload arbitrary files via the /add-students.ph...

This critical vulnerability in PHPVibe allows attackers to upload arbitrary files without restrictions via the /app/uploading/upload-mp3.php endpoint....

This vulnerability allows remote attackers to upload arbitrary files to itsourcecode Online Discussion Forum 1.0 via the /members/poster.php endpoint....

This critical vulnerability in itsourcecode Online Discussion Forum 1.0 allows remote attackers to upload arbitrary files via the change_profile_pictu...

This critical vulnerability in Codezips E-Commerce Site 1.0 allows remote attackers to upload arbitrary files via the profilepic parameter in admin/ed...

This critical vulnerability in D-Link DAR-7000-40 allows remote attackers to upload arbitrary files via the /url/url.php endpoint due to unrestricted ...

This critical vulnerability in D-Link DAR-7000-40 allows remote attackers to upload arbitrary files via the licenseauthorization.php interface, potent...

This critical vulnerability in Codezips E-Commerce Site 1.0 allows remote attackers to upload arbitrary files via the profilepic parameter in admin/ad...

This vulnerability allows remote attackers to upload arbitrary files to emlog Pro installations, potentially leading to remote code execution. Attacke...

This critical vulnerability in SourceCodester Prison Management System 1.0 allows attackers to upload arbitrary files via the /Employee/edit-photo.php...

This critical vulnerability in Simple Online Hotel Reservation System 1.0 allows attackers to upload arbitrary files without restrictions via the add_...

This critical vulnerability in Simple and Beautiful Shopping Cart System 1.0 allows attackers to upload arbitrary files without restrictions via uploa...

The Drag and Drop Multiple File Upload plugin for Contact Form 7 in WordPress allows unauthenticated attackers to upload malicious .phar or .svg files...

The WP ULike Pro WordPress plugin allows unauthenticated attackers to upload malicious files with dangerous extensions like .php2, .phar, and .svg due...

This vulnerability allows attackers to upload malicious files to the gaizhenbiao/chuanhuchatgpt application due to insufficient file validation. Attac...

ArcGIS Server versions 11.5 and earlier on Windows and Linux contain a file upload vulnerability where remote attackers can upload arbitrary files. Ho...

ArcGIS Server versions 11.5 and earlier on Windows and Linux contain a file upload vulnerability that allows remote attackers to upload arbitrary file...

This vulnerability allows attackers to upload files with disallowed extensions in Umbraco CMS by manipulating API requests. It affects Umbraco install...

This vulnerability in IBM Maximo Application Suite 9.0 allows authenticated users to upload files with dangerous extensions that could be executed by ...

A memory handling vulnerability in macOS video file parsing allows attackers to cause system crashes by tricking users into opening malicious video fi...

IBM Cognos Controller versions 11.0.0 and 11.0.1 allow unrestricted file uploads in the Journal entry page, enabling attackers to upload malicious exe...

Horilla HRMS versions before 1.5.0 contain a cross-site scripting vulnerability in the profile photo upload functionality. Attackers can upload malici...

This vulnerability allows authenticated attackers to upload malicious SVG files containing JavaScript through Phpwcms's multiple file upload feature. ...

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files containing stored cross-site script...

This vulnerability allows attackers to upload malicious HTML/JavaScript files through Kibana's Synthetics app, leading to cross-site scripting (XSS) a...

The DirectoryPress WordPress plugin is vulnerable to stored XSS via SVG file uploads due to insufficient input sanitization. Authenticated attackers w...

The MStore API WordPress plugin has a stored XSS vulnerability in profile picture upload functionality. Authenticated attackers with subscriber-level ...

This vulnerability allows attackers to upload arbitrary files including executables, scripts, or web shells by bypassing file type validation in Turms...

This vulnerability allows unauthenticated remote attackers to upload files to AudioCodes Fax Server and Auto-Attendant IVR appliances via an unprotect...

HuoCMS V3.5.1 and earlier contains an unrestricted file upload vulnerability that allows attackers to upload malicious files to the server. This can l...

This vulnerability allows authenticated administrators in October CMS to bypass SVG file sanitization by uploading files with permitted extensions (li...