CWE-434: Unrestricted File Upload
The product allows the upload of files with dangerous types that can be automatically processed within the product environment.
All Unrestricted File Upload CVEs (1,496)
The MStore API WordPress plugin has a stored XSS vulnerability in profile picture upload functionality. Authenticated attackers with subscriber-level ...
Dec 13, 2024

This vulnerability allows attackers to upload arbitrary files including executables, scripts, or web shells by bypassing file type validation in Turms...
Dec 19, 2025

This vulnerability allows unauthenticated remote attackers to upload files to AudioCodes Fax Server and Auto-Attendant IVR appliances via an unprotect...
Nov 19, 2025

HuoCMS V3.5.1 and earlier contains an unrestricted file upload vulnerability that allows attackers to upload malicious files to the server. This can l...
May 29, 2025

This vulnerability allows authenticated administrators in October CMS to bypass SVG file sanitization by uploading files with permitted extensions (li...
May 5, 2025

This vulnerability allows authenticated remote attackers to upload malicious files to Q-Free MaxTime systems via template file uploads. Attackers can ...
Feb 12, 2025

Tmall_demo v2024.07.03 contains an unrestricted file upload vulnerability in the uploadUserHeadImage component, allowing attackers to upload malicious...
Jul 15, 2024

This vulnerability allows authenticated high-privileged users in Ivanti Neurons for ITSM to upload arbitrary files to sensitive server directories. At...
May 31, 2024

This vulnerability allows attackers to upload malicious files to WordPress sites using the Atarim Visual Collaboration plugin. It affects all WordPres...
Nov 6, 2025

The Zarinpal Paid Download WordPress plugin through version 2.3 has improper file upload validation, allowing administrators to upload arbitrary files...
Feb 11, 2025

Dell Wyse Management Suite versions before 5.1 have a vulnerability where high-privileged attackers with remote access can upload dangerous file types...
Apr 2, 2025

This vulnerability allows privileged users in IBM Security ReaQta to upload dangerous file types that can be automatically processed within the produc...
Mar 19, 2025

This critical vulnerability in 07FLYCMS/07FlyCRM allows attackers to upload arbitrary files without restrictions via the pictureUpload function. Remot...
Oct 13, 2024

This vulnerability allows remote attackers to upload arbitrary files to the Tourist Management System 1.0 through the /admin/create-package.php endpoi...
Oct 10, 2024

This vulnerability allows remote attackers to upload arbitrary files without restrictions in the kvf-admin software. Attackers can exploit this to upl...
Sep 27, 2024

This critical vulnerability in HuankeMao SCRM allows remote attackers to upload arbitrary files without restrictions via the administrator backend. At...
Sep 27, 2024

This vulnerability in DouPHP 1.7 allows attackers to upload arbitrary files via the favicon handler in the admin system.php file. Attackers can exploi...
Aug 18, 2024

This vulnerability allows remote attackers to upload arbitrary files to Fujian mwcms 1.0.0 systems via the image upload function. Attackers can exploi...
Aug 12, 2024

This critical vulnerability in Campcodes Legal Case Management System 1.0 allows remote attackers to upload arbitrary files via the /admin/general-set...
May 14, 2024

CVE-2022-27562 is an unsafe file upload vulnerability in HCL Domino Volt that allows attackers to upload .html files containing malicious JavaScript. ...
Apr 30, 2025

This vulnerability in themesebrand Chatvia v5.3.2 allows remote attackers to execute arbitrary code through the user profile image upload function. At...
Jan 16, 2025

The Filr WordPress plugin allows authenticated administrators to upload malicious HTML files containing JavaScript due to insufficient file type valid...
Jan 17, 2026

Open eClass platform versions before 4.2 contain a file upload validation bypass vulnerability. Attackers can upload files with prohibited extensions ...
Feb 3, 2026

This vulnerability allows authenticated attackers with Config Managers credentials to upload arbitrary files to Cisco EPNM systems via the web managem...
Sep 3, 2025

This vulnerability allows remote authenticated attackers to upload malicious files to affected ELECOM wireless routers, potentially leading to arbitra...
Jun 24, 2025

CVE-2024-55417 allows authenticated users in DevDojo Voyager to bypass file type verification when uploading files via the media upload endpoint. This...
Jan 30, 2025

A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files by exploiting the avatar function. This could lead to maliciou...
Nov 15, 2024

This vulnerability allows authenticated low-privileged users in Splunk Enterprise and Splunk Cloud Platform to upload files with arbitrary extensions ...
Jul 1, 2024

This vulnerability in SourceCodester Best Courier Management System 1.0 allows attackers to upload arbitrary files via the view_parcel.php file by man...
May 16, 2024

This vulnerability allows authenticated remote attackers with high privileges to upload arbitrary files through the web interface of affected RUGGEDCO...
Aug 12, 2025

This vulnerability in YetiShare File Hosting Script allows attackers to perform server-side request forgery (SSRF) through the remote file upload feat...
Jan 23, 2026

This vulnerability in IBM watsonx.data allows privileged users to upload malicious files that could be executed on the server, potentially modifying l...
Feb 17, 2026

HCL AION has an unrestricted file upload vulnerability that allows attackers to upload malicious files to the server. This could lead to remote code e...
Jan 19, 2026

This vulnerability allows attackers to upload malicious files to Hillstone Networks Operation and Maintenance Security Gateway, potentially enabling w...
Feb 4, 2026

SAP NetWeaver Application Server for ABAP's Migration Workbench fails to scan uploaded files for malware when an administrator uploads them. This allo...
Nov 11, 2025

This vulnerability in Intel CIP software allows an attacker with local access and special internal knowledge to upload dangerous file types, potential...
Nov 11, 2025

This vulnerability in My Little Forum allows attackers to upload malicious files disguised as images, then trigger deserialization attacks that can de...
Feb 9, 2026

This vulnerability allows remote attackers to upload malicious class files to Interinfo DreamMaker systems, which can lead to arbitrary command execut...
Jan 30, 2026

This vulnerability allows attackers to upload malicious files and execute arbitrary code through deserialization attacks in the TIS platform. It affec...
Jan 27, 2026

Pega Customer Service Framework versions 8.7.0 through 25.1.0 contain an unrestricted file upload vulnerability that allows privileged users to upload...
Jan 13, 2026

WEBIGniter 28.7.23 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload PHP files and execute arbitrary co...
Dec 15, 2025

Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload maliciou...
Dec 11, 2025

ElkArte Forum 1.1.9 contains an authenticated remote code execution vulnerability where administrators can upload malicious PHP files through theme in...
Dec 11, 2025

This vulnerability allows attackers to upload arbitrary files through the GrapesJS Builder component due to insufficient file type restrictions. If th...
Dec 2, 2025

Ruijie NBR series routers have an unauthenticated arbitrary file upload vulnerability in the /ddi/server/fileupload.php endpoint. Attackers can upload...
Nov 24, 2025

This vulnerability allows unauthenticated attackers to upload arbitrary files to eGovFramework servers via image upload endpoints. Attackers can use a...
Nov 19, 2025

About Unrestricted File Upload (CWE-434)
Our database tracks 1,496 CVEs classified as CWE-434, with 750 rated critical and 631 rated high severity. The average CVSS score for Unrestricted File Upload vulnerabilities is 8.8.
External reference: View CWE-434 on MITRE CWE →