CWE-434: Unrestricted File Upload

The WooCommerce Support Ticket System plugin for WordPress has an unauthenticated arbitrary file upload vulnerability that allows attackers to upload ...

This vulnerability allows attackers to upload and download files without restrictions in Cleo's Harmony, VLTrader, and LexiCom products, potentially l...

The Wux Blog Editor WordPress plugin allows unauthenticated attackers to upload arbitrary files due to insufficient file type validation. This vulnera...

ClassCMS versions up to 4.8 contain a file inclusion vulnerability in the nowView method that allows attackers to include uploaded PHP files and execu...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites using vulnerable versions of the Frontend File Manage...

The ZoomSounds WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation in the savepng.php file...

This vulnerability allows unauthenticated attackers to create arbitrary PHP files on WordPress sites using the vulnerable Mega Menu plugin. Attackers ...

This vulnerability allows remote attackers to upload malicious files disguised as images to execute arbitrary code on DYCMS servers. It affects all us...

CVE-2024-42640 is an unauthenticated remote code execution vulnerability in angular-base64-upload versions prior to 0.1.21. Attackers can upload arbit...

The Jupiter X Core WordPress plugin has a critical vulnerability allowing unauthenticated attackers to upload arbitrary files due to improper file typ...

CVE-2023-26686 is a critical file upload vulnerability in CS-Cart MultiVendor 4.16.1 that allows remote attackers to upload malicious files through th...

GDidees CMS v3.9.1 and earlier contains an unrestricted file upload vulnerability that allows attackers to upload malicious files, including webshells...

Qualitor up to version 8.24 is vulnerable to remote code execution via arbitrary file upload in the checkAcesso.php endpoint. Attackers can upload mal...

An unrestricted file upload vulnerability in Kashipara Music Management System v1.0 allows attackers to upload malicious PHP files through the signup ...

CVE-2024-38530 is an unauthenticated arbitrary file upload vulnerability in Open eClass's H5P module that allows attackers to upload malicious files t...

The YayExtra WooCommerce plugin for WordPress has a critical vulnerability allowing unauthenticated attackers to upload arbitrary files due to missing...

The Keydatas WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This vulnerability affec...

Simple Library Management System v1.0 contains an arbitrary file upload vulnerability in ajax.php that allows attackers to upload malicious files. Thi...

This CVE describes a critical file upload vulnerability in Sparkshop (Spark Mall B2C Mall) that allows remote attackers to upload malicious files and ...

This vulnerability allows attackers to upload malicious .cfm files to FarCry Core framework servers, leading to remote code execution. It affects all ...

This vulnerability allows unauthenticated users (guests) to upload PHP files through the JA Marketplace module for PrestaShop. Attackers can exploit t...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites using the Salon booking system plugin. It affects all...

CVE-2024-34833 is an unauthenticated remote code execution vulnerability in Sourcecodester Payroll Management System v1.0. Attackers can upload malici...

CVE-2024-3912 is an arbitrary firmware upload vulnerability affecting certain ASUS router models. Unauthenticated remote attackers can exploit this to...

This vulnerability allows an attacker to upload a malicious file to the certbadge.php endpoint in openeclass, potentially leading to remote code execu...

CVE-2024-1659 is an unauthenticated arbitrary file upload vulnerability in MegaBIP software that allows attackers to upload malicious files (including...

This vulnerability allows attackers to upload arbitrary files to Jan v0.4.12 via the /v1/app/writeFileSync interface, potentially leading to remote co...

This critical vulnerability allows unauthenticated attackers to execute arbitrary code on affected Zyxel NAS devices by uploading a crafted configurat...

This critical vulnerability in DedeCMS allows attackers to upload arbitrary files to the server, leading to remote code execution. Attackers can compr...

This vulnerability allows attackers to upload malicious .jsp files through the uploadAudio method in inxedu v2024.4, leading to arbitrary code executi...

This vulnerability allows unauthenticated attackers to upload arbitrary files to DedeCMS backend servers via the media_add.php page. Attackers can ach...

The Hash Form WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This vulnerability affe...

Roothub v2.5 contains an arbitrary file upload vulnerability in the upload() function via the customPath parameter. Attackers can upload crafted JSP f...

This vulnerability allows attackers to upload arbitrary files to the Zhongcheng Kexin Ticketing Management Platform, potentially leading to remote cod...

This vulnerability allows unauthenticated remote attackers to upload arbitrary files to Voltronic Power ViewPower Pro systems, leading to remote code ...

The InstaWP Connect WordPress plugin has an unauthenticated arbitrary file upload vulnerability in its REST API endpoint. This allows attackers to upl...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress servers running the vulnerable Product Addons & Fields for ...

ThinkCMF 6.0.9 contains an unrestricted file upload vulnerability in UeditorController.php that allows attackers to upload arbitrary files, including ...

This CVE describes a critical file upload vulnerability in DedeCMS v5.7 that allows local attackers to upload malicious files and execute arbitrary co...

jizhiCMS 2.5 contains an unrestricted file upload vulnerability that allows attackers to upload malicious files to the server. This affects all instal...

This vulnerability allows attackers to download malicious .xrm-ms files without the usual executable file warning in Firefox, Thunderbird, and Firefox...

This vulnerability in qdrant/qdrant allows attackers to upload arbitrary files to any location on the filesystem via a path traversal attack in the sn...

This vulnerability in SEMCMS v4.8 allows remote attackers to upload malicious files via upload.php, leading to arbitrary code execution, privilege esc...

This vulnerability in Mblog Blog system v3.5.0 allows remote attackers to execute arbitrary code by uploading a specially crafted file through the the...

CVE-2024-28441 is a critical file upload vulnerability in magicflue versions 7.0 and earlier that allows remote attackers to upload malicious files an...

This vulnerability allows attackers to include arbitrary PHP files in eyoucms v1.6.4 through template configuration manipulation, leading to remote co...

Airflow-Diagrams v2.1.0 contains an arbitrary file upload vulnerability in the unsafe_load function that allows attackers to upload malicious YML file...

This vulnerability allows attackers to upload malicious PHP files through the student profile picture upload function in Student Enrollment In PHP v1....

This vulnerability allows authenticated users in CMS Made Simple to upload malicious files that bypass security filters, potentially leading to remote...

CVE-2024-0864 is a remote code execution vulnerability in Laragon's Simple Ajax Uploader plugin due to improper input validation in file_upload.php. A...