CWE-434: Unrestricted File Upload

This vulnerability allows attackers to upload arbitrary PHP files through the student profile picture upload function in Student Enrollment In PHP v1....

SKINsoft S-Museum 7.02.3 has an unrestricted file upload vulnerability in the Add Media function that allows attackers to upload malicious files. Unli...

This vulnerability allows attackers to upload arbitrary files to Novel-Plus systems via the /sysFile/upload endpoint, potentially leading to remote co...

CVE-2024-22824 is a critical unrestricted file upload vulnerability in Timo v.2.0.3 that allows remote attackers to bypass filetype restrictions and u...

CVE-2024-25414 is a critical arbitrary file upload vulnerability in CSZ CMS v1.3.0 that allows attackers to upload malicious Zip files containing PHP ...

CVE-2024-23759 is a critical deserialization vulnerability in Gambio e-commerce software that allows attackers to execute arbitrary code by exploiting...

This vulnerability in MISP allows attackers to upload malicious files disguised as organization logos due to insufficient file extension and MIME type...

This CVE describes a critical file upload vulnerability in Pichome v1.1.01 that allows remote attackers to upload malicious files and execute arbitrar...

This vulnerability allows authenticated attackers to upload malicious .txt files to the /upgrade/control.php endpoint in ZenTao products, leading to a...

An arbitrary file upload vulnerability in Novel-Plus v4.3.0-RC1 and earlier allows attackers to upload malicious files by manipulating the filename pa...

jshERP v3.3 has an arbitrary file upload vulnerability in the systemConfig/upload interface that allows attackers to upload malicious files to control...

CVE-2021-4436 is an unauthenticated arbitrary file upload vulnerability in the 3DPrint Lite WordPress plugin. Attackers can upload malicious files to ...

This vulnerability allows attackers to upload malicious files (like web shells) to CyberMath web servers due to insufficient file type validation. It ...

This vulnerability allows attackers to upload arbitrary files to YonBIP systems through a specific API endpoint, potentially leading to remote code ex...

This vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary server locations due to insufficie...

This vulnerability allows attackers to upload arbitrary JSP files to Xpand IT Write-back Manager v2.3.1, leading to remote code execution. Attackers c...

The Customer Reviews for WooCommerce WordPress plugin has a critical vulnerability that allows authenticated attackers with author-level access or hig...

The MW WP Form WordPress plugin allows unauthenticated attackers to upload arbitrary files due to insufficient file type validation. This vulnerabilit...

CVE-2020-26629 is an unauthenticated arbitrary file upload vulnerability in Hospital Management System V4.0 that allows attackers to upload malicious ...

ZZCMS 2023 has an unauthenticated file upload vulnerability that allows attackers to upload malicious files and execute arbitrary code on the server. ...

This vulnerability allows unauthenticated attackers to execute arbitrary commands on TOTOlink EX1200L routers by exploiting the UploadFirmwareFile int...

This vulnerability allows attackers to upload malicious files to Avalanche systems, leading to remote code execution. It affects Avalanche versions 6....

SmartStar Software CWS has an unrestricted file upload vulnerability that allows unauthenticated attackers to upload malicious files. This can lead to...

CVE-2023-48371 is an unauthenticated remote code execution vulnerability in ITPison OMICARD EDM's file upload function. Attackers can upload malicious...

CVE-2023-48930 is an unrestricted file upload vulnerability in Xinhu OA 2.2.1 that allows attackers to upload malicious files to the server. This affe...

This vulnerability allows attackers to upload malicious files to ArslanSoft Education Portal, which can lead to command injection and remote code exec...

Arcserve UDP versions before 9.2 contain an unauthenticated remote code execution vulnerability in the RPSService4CPMImpl interface. Attackers can upl...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress servers running the vulnerable WooCommerce Ninja Forms Prod...

This vulnerability in the Royal Elementor Addons and Templates WordPress plugin allows unauthenticated attackers to upload arbitrary files, including ...

This vulnerability in zzzCMS v2.1.9 allows remote attackers to bypass file upload restrictions by modifying the imageext parameter to include PHP exte...

This vulnerability in the Simple:Press WordPress plugin allows attackers to upload arbitrary files to affected WordPress sites due to missing file typ...

CVE-2023-45856 is a critical remote code execution vulnerability in qdPM 9.2 that allows attackers to upload malicious PHP files through the Add Attac...

CVE-2023-43269 is an arbitrary file upload vulnerability in pigcms that allows attackers to upload malicious files to the server. This affects all pig...

This vulnerability allows attackers to upload arbitrary PHP files to Emlog Pro's template directory, leading to remote code execution. It affects Emlo...

A file upload vulnerability in mojoPortal v2.7.0.0 allows remote attackers to upload malicious files through the File Manager function, potentially le...

This vulnerability allows attackers to upload malicious files to phpMyFAQ servers due to insufficient file type validation. Affects all phpMyFAQ insta...

DedeCMS 5.7.102 contains an unrestricted file upload vulnerability in the module_make.php component that allows attackers to upload arbitrary files, i...

This vulnerability allows remote attackers to upload malicious files to DWSurvey-OSS survey software, leading to arbitrary code execution on the serve...

CVE-2020-18912 is a critical remote code execution vulnerability in Earcms Ear App v.20181124 that allows attackers to execute arbitrary code via the ...

This vulnerability allows unauthenticated remote attackers to upload dangerous file types to e-Excellence U-Office Force systems. Attackers can execut...

CVE-2023-39970 is an unrestricted file upload vulnerability in the AcyMailing component for Joomla that allows attackers to upload malicious files. Th...

CVE-2023-38915 is a critical file upload vulnerability in Wolf-leo EasyAdmin8 v1.0 that allows remote attackers to upload malicious files and execute ...

CVE-2020-36082 is a critical file upload vulnerability in bloofoxCMS that allows remote attackers to upload malicious webshell files. This enables arb...

This vulnerability allows attackers to upload malicious files to Avalanche systems, leading to remote code execution. It affects all Avalanche version...

This vulnerability allows attackers to upload malicious files to Avalanche systems, leading to remote code execution. It affects Ivanti Avalanche vers...

This CVE describes a critical file upload vulnerability in PHPJabbers Ticket Support Script v3.2 that allows attackers to upload malicious files and e...

This vulnerability in Sysaid allows administrators to upload dangerous file types through an unspecified method. Attackers with administrative access ...

This vulnerability allows attackers to upload malicious files to eOffice systems, potentially leading to remote code execution. It affects eOffice ver...

CVE-2023-37677 is a remote code execution vulnerability in Pligg CMS (Kliqqi) v2.0.2 that allows attackers to execute arbitrary code on affected syste...

CVE-2023-32637 is a critical vulnerability in GBrowse that allows unauthenticated remote code execution. Attackers can upload malicious files through ...