CWE-434: Unrestricted File Upload
The product allows the upload of files with dangerous types that can be automatically processed within the product environment.
All Unrestricted File Upload CVEs (1,404)
This vulnerability allows unauthenticated remote attackers to upload and execute arbitrary files on InfoDoc Document On-line Submission and Approval S...
Jul 20, 2023

This vulnerability allows attackers to upload arbitrary PHP files to DedeCMS v5.7.109 through the /dede/file_manage_control.php endpoint, leading to r...
Jul 13, 2023

CVE-2023-34136 is a critical vulnerability in SonicWall GMS and Analytics that allows unauthenticated attackers to upload arbitrary files to restricte...
Jul 13, 2023

WebsiteGuide v0.2 contains a critical vulnerability that allows attackers to execute arbitrary commands on the server by uploading specially crafted i...
Jul 11, 2023

CVE-2023-37152 is an unauthenticated arbitrary file upload vulnerability in Projectworlds Online Art Gallery Project 1.0. Attackers can upload malicio...
Jul 10, 2023

CVE-2020-22151 is a critical remote code execution vulnerability in Fuel-CMS that allows attackers to upload malicious zip files containing PHP code. ...
Jul 3, 2023

CVE-2020-22153 is a critical file upload vulnerability in FUEL-CMS that allows remote attackers to upload malicious PHP files and execute arbitrary co...
Jul 3, 2023

CVE-2020-18432 is a critical file upload vulnerability in SEMCMS PHP 3.7 that allows remote attackers to upload arbitrary files, including web shells,...
Jun 30, 2023

CVE-2023-34738 is an arbitrary file upload vulnerability in Chemex asset management software that allows attackers to upload malicious files to the se...
Jun 29, 2023

CVE-2022-44276 is a critical vulnerability in Responsive Filemanager that allows attackers to bypass upload restrictions and achieve remote code execu...
Jun 28, 2023

CVE-2023-33404 is an unrestricted file upload vulnerability in BlogEngine.NET that allows remote attackers to upload malicious files without proper va...
Jun 26, 2023

Funadmin v3.3.2 and v3.3.3 contain an insecure file upload vulnerability in the plugins installation feature. Attackers can upload malicious files, po...
Jun 22, 2023

CVE-2020-21174 is a critical file upload vulnerability in liufee CMS v2.0.7.1 that allows remote attackers to upload malicious files disguised as imag...
Jun 20, 2023

CVE-2020-21474 is a critical file upload vulnerability in NucleusCMS v3.71 that allows remote attackers to upload malicious files and execute arbitrar...
Jun 20, 2023

CVE-2020-21489 is a critical file upload vulnerability in Feehicms v2.0.8 that allows remote attackers to upload malicious files and execute arbitrary...
Jun 20, 2023

This is a critical file upload vulnerability in LJCMS v4.3.R60321 that allows remote attackers to upload malicious files and execute arbitrary code on...
Jun 20, 2023

This vulnerability allows unauthenticated remote attackers to upload malicious files to L7 Networks InstantScan IS-8000 and InstantQoS IQ-8000 devices...
Jun 16, 2023

This CVE describes a critical file upload vulnerability in ujcms 6.0.2 that allows attackers to upload arbitrary files, including malicious scripts, v...
Jun 14, 2023

This vulnerability allows attackers to upload malicious SVG files to Chamilo LMS, which can lead to remote code execution. It affects Chamilo 1.11.* v...
Jun 13, 2023

CVE-2023-31541 is an unrestricted file upload vulnerability in the CKEditor v1.2.3 plugin for Redmine that allows attackers to upload arbitrary files ...
Jun 13, 2023

CVE-2023-3049 is an unrestricted file upload vulnerability in TMT Lockcell that allows attackers to upload malicious files and execute arbitrary comma...
Jun 13, 2023

The Delete All Comments WordPress plugin up to version 2.0 contains an arbitrary file upload vulnerability in delete-all-comments.php due to missing f...
Jun 7, 2023

CVE-2023-29631 is an incorrect access control vulnerability in PrestaShop's jmsslider module that allows unauthenticated attackers to execute arbitrar...
Jun 5, 2023

MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the admin attachment upload interface that allows attackers to upload malicious files to t...
Jun 5, 2023

SofaWiki versions up to 3.8.9 contain an unrestricted file upload vulnerability that allows attackers to upload malicious files and execute arbitrary ...
May 24, 2023

This vulnerability in Wcms 0.3.2 allows unauthenticated attackers to upload arbitrary files and execute malicious code through crafted requests to the...
May 22, 2023

This vulnerability allows attackers to upload malicious files to the Rental Module in Ideasoft's E-commerce Platform, potentially leading to command i...
May 20, 2023

This vulnerability allows attackers to upload malicious files to PerfreeBlog's admin interface, leading to remote code execution. Attackers can gain f...
May 18, 2023

GuppY CMS 6.00.10 contains an unrestricted file upload vulnerability that allows remote attackers to upload PHP files and execute arbitrary code on th...
May 17, 2023

This CVE describes a critical file upload vulnerability in Oretnom23 Storage Unit Rental Management System v1.0 that allows remote attackers to upload...
May 12, 2023

CLTPHP versions up to 6.0 are vulnerable to unrestricted file upload via the Template.php:update function, allowing attackers to upload malicious file...
May 4, 2023

This is a critical file upload vulnerability in Antabot White-Jotter v0.2.2 that allows remote attackers to upload malicious files and execute arbitra...
May 1, 2023

This vulnerability in Apache StreamPark allows any user to upload arbitrary JAR files without proper file type validation, potentially enabling remote...
May 1, 2023

This vulnerability in TIBCO Spotfire Statistics Services allows unauthenticated remote attackers to upload or modify arbitrary files within the web se...
Apr 26, 2023

This vulnerability allows remote attackers to execute arbitrary PHP code on GLPI servers running vulnerable versions of the Cartography (positions) pl...
Apr 16, 2023

This vulnerability allows remote attackers to upload malicious files to Milken DoyoCMS v2.3 systems, potentially leading to arbitrary code execution. ...
Apr 11, 2023

This vulnerability allows attackers to upload dangerous files through the SharePoint connector in Progress Sitefinity CMS. It affects all Sitefinity i...
Apr 10, 2023

This vulnerability in Apache Linkis allows unauthenticated attackers to upload arbitrary files to any location on the server due to insufficient path ...
Apr 10, 2023

This vulnerability allows remote code execution via code injection in the Prestashop cdesigner module. Attackers can execute arbitrary code on affecte...
Apr 7, 2023

CVE-2023-24720 is an arbitrary file upload vulnerability in readium-js v0.32.0 that allows attackers to upload malicious EPUB files containing executa...
Apr 5, 2023

CVE-2021-31707 is a critical remote code execution vulnerability in KiteCMS that allows attackers to upload malicious files and execute arbitrary code...
Apr 4, 2023

CVE-2023-1728 is an unrestricted file upload vulnerability in Fernus Informatics LMS that allows attackers to upload malicious files, leading to OS co...
Apr 4, 2023

CVE-2023-26968 is an unauthenticated file upload vulnerability in Atrocore 1.5.25 that allows attackers to upload arbitrary files without authenticati...
Mar 29, 2023

CVE-2023-25909 is a critical unauthenticated remote code execution vulnerability in HGiga OAKlouds file upload functionality. Attackers can upload mal...
Mar 27, 2023

CVE-2023-25654 is a critical remote code execution vulnerability in baserCMS management systems. Attackers can execute arbitrary code on affected serv...
Mar 23, 2023

This vulnerability allows unauthenticated attackers to upload arbitrary PHP files to the onekeyadmin web application through the /admin1/config/update...
Mar 6, 2023

This vulnerability allows unauthenticated attackers to upload malicious web.config and ASP files through Umbraco Forms, leading to arbitrary code exec...
Feb 24, 2023

CVE-2022-41217 is an unauthenticated file upload vulnerability in Cloudflow's PROOFSCOPE built-in storage. Attackers can upload malicious files withou...
Feb 22, 2023

This vulnerability allows attackers to upload arbitrary PHP files to the Food Ordering System v2.0 via the /fos/admin/ajax.php endpoint, leading to re...
Feb 13, 2023

Raffle Draw System v1.0 contains a local file inclusion vulnerability in the page parameter of index.php. This allows attackers to read arbitrary file...
Feb 6, 2023

About Unrestricted File Upload (CWE-434)
Our database tracks 1,404 CVEs classified as CWE-434, with 697 rated critical and 592 rated high severity. The average CVSS score for Unrestricted File Upload vulnerabilities is 8.8.
External reference: View CWE-434 on MITRE CWE →