Weaknesses of type CWE-434
2,786 results

CVE-2021-4462 | CRITICAL | Employee Records System v1.0 Arbitrary File Upload RCE | EPSS 3.0%
CVE-2022-44289 | HIGH | Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell. | EPSS 2.9%
CVE-2020-26285 | HIGH | Widget instances allows a hacker to inject an executable file on the server on OpenMage | EPSS 2.9%
CVE-2012-10020 | CRITICAL | FoxyPress <= 0.4.2.1 - Arbitrary File Upload | EPSS 2.9%
CVE-2025-54769 | HIGH | KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal | EPSS 2.9%
CVE-2023-6274 | MEDIUM | Byzoro Smart S80 PHP File updatelib.php unrestricted upload | EPSS 2.9%
CVE-2018-25114 | CRITICAL | osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution | EPSS 2.8%
CVE-2021-40905 | HIGH | The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" file | EPSS 2.8%
CVE-2020-15189 | MEDIUM | Remote Code Execution in SOY CMS | EPSS 2.8%
CVE-2021-42133 | — | An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service t | EPSS 2.8%
CVE-2019-18313 | — | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Serv | EPSS 2.8%
CVE-2015-10135 | CRITICAL | WPshop 2 – E-Commerce < 1.3.9.6 - Arbitrary File Upload | EPSS 2.8%
CVE-2024-23534 | HIGH | An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execut | EPSS 2.7%
CVE-2022-2128 | CRITICAL | Unrestricted Upload of File with Dangerous Type in polonel/trudesk | EPSS 2.6%
CVE-2012-10054 | CRITICAL | Umbraco CMS < 4.7.1 codeEditorSave.asmx RCE | EPSS 2.6%
CVE-2017-6027 | — | An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web | EPSS 2.6%
CVE-2025-23942 | CRITICAL | WordPress WP Load Gallery Plugin <= 2.1.6 - Arbitrary File Upload vulnerability | EPSS 2.6%
CVE-2017-16594 | — | This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.7 | EPSS 2.6%
CVE-2022-2297 | MEDIUM | SourceCodester Clinics Patient Management System unrestricted upload | EPSS 2.6%
CVE-2021-38484 | CRITICAL | InHand Networks IR615 Router | EPSS 2.6%