Weaknesses of type CWE-434

2,799 results
CVE-2025-4468 [MEDIUM] SourceCodester Online Student Clearance System edit-photo.php unrestricted upload (EPSS 0.9%)
CVE-2023-32752 [CRITICAL] L7 Networks InstantScan & InstantQoS - Arbitrary File Upload (EPSS 0.9%)
CVE-2023-46694 [HIGH] Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw ex (EPSS 0.9%)
CVE-2023-3061 [MEDIUM] code-projects Agro-School Management System Attachment Image btn_functions.php unrestricted upload (EPSS 0.9%)
CVE-2024-6318 [HIGH] IMGspider <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload_img_file' (EPSS 0.9%)
CVE-2023-3274 [MEDIUM] code-projects Supplier Management System Picture btn_functions.php unrestricted upload (EPSS 0.9%)
CVE-2026-22786 [HIGH] Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal (EPSS 0.9%)
CVE-2023-50692 [HIGH] File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to (EPSS 0.9%)
CVE-2024-0757 [MEDIUM] Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE (EPSS 0.9%)
CVE-2023-30333 [CRITICAL] An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitr (EPSS 0.9%)
CVE-2022-48006 [CRITICAL] An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerabilit (EPSS 0.9%)
CVE-2022-43234 [CRITICAL] An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted (EPSS 0.9%)
CVE-2024-5377 [MEDIUM] SourceCodester Vehicle Management System newvehicle.php unrestricted upload (EPSS 0.9%)
CVE-2024-51152 [HIGH] File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component (EPSS 0.9%)
CVE-2022-2212 [MEDIUM] SourceCodester Library Management System /card/index.php unrestricted upload (EPSS 0.9%)
CVE-2023-1442 [MEDIUM] Meizhou Qingyunke QYKCMS Update api.php unrestricted upload (EPSS 0.9%)
CVE-2022-0959 A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manua (EPSS 0.9%)
CVE-2023-53922 [CRITICAL] TinyWebGallery v2.5 Remote Code Execution via Unrestricted File Upload (EPSS 0.9%)
CVE-2021-3915 [HIGH] Unrestricted Upload of File with Dangerous Type in bookstackapp/bookstack (EPSS 0.9%)
CVE-2024-7484 [HIGH] CRM Perks Forms <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload (EPSS 0.9%)