Weaknesses of type CWE-434
2,799 resultsCVE-2022-30529HIGHFile upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitraryEPSS 1.0%CVE-2016-20052CRITICALSnews CMS 1.7 Unrestricted File Upload via snews_filesEPSS 1.0%CVE-2024-28269HIGHReCrystallize Server 5.10.0.0 allows administrators to upload files to the server. The file upload is not restricted, leading to the abilityEPSS 1.0%CVE-2022-41533HIGHOnline Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/EPSS 0.9%CVE-2022-43061HIGHOnline Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /operations/EPSS 0.9%CVE-2022-43275HIGHCanteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.EPSS 0.9%CVE-2023-26857HIGHAn arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers toEPSS 0.9%CVE-2022-43277HIGHCanteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/php_action/editFile.php. TEPSS 0.9%CVE-2022-43050HIGHOnline Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profiEPSS 0.9%CVE-2024-6319HIGHIMGspider <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload'EPSS 0.9%CVE-2024-5047MEDIUMSourceCodester Student Management System controller.php unrestricted uploadEPSS 0.9%CVE-2023-24517MEDIUMRemote Code Execution via Unrestricted File UploadEPSS 0.9%CVE-2022-36285HIGHWordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerabilityEPSS 0.9%CVE-2022-32177CRITICALGin-vue-admin - Unrestricted File UploadEPSS 0.9%CVE-2022-32176CRITICALGin-vue-admin - Unrestricted File UploadEPSS 0.9%CVE-2023-33601HIGHAn arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHPEPSS 0.9%CVE-2024-31210HIGHPHP file upload bypass via Plugin installerEPSS 0.9%CVE-2024-9307CRITICALmFolio Lite <= 1.2.1 - Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG FilesEPSS 0.9%CVE-2023-25909CRITICALHGiga Inc. OAKlouds - Arbitrary File UploadEPSS 0.9%CVE-2025-4468MEDIUMSourceCodester Online Student Clearance System edit-photo.php unrestricted uploadEPSS 0.9%