Weaknesses of type CWE-434
2,800 resultsCVE-2022-2749MEDIUMSourceCodester Gym Management System unrestricted uploadEPSS 0.7%CVE-2026-1331CRITICALAMASTAR Technology|MeetingHub - Arbitrary File UploadEPSS 0.7%CVE-2024-7506MEDIUMitsourcecode Tailoring Management System setlogo.php unrestricted uploadEPSS 0.7%CVE-2025-2249HIGHSoJ Soundslides <= 1.2.2 - Authenticated (Contributor+) Arbitrary File UploadEPSS 0.7%CVE-2024-5049MEDIUMCodezips E-Commerce Site editproduct.php unrestricted uploadEPSS 0.7%CVE-2020-37117HIGHjizhiCMS 1.6.7 - Arbitrary File DownloadEPSS 0.7%CVE-2025-2216MEDIUMzzskzy Warehouse Refinement Management System SaveCrash.ashx UploadCrash unrestricted uploadEPSS 0.7%CVE-2024-13342HIGHBooster for WooCommerce <= 7.2.4 - Unauthenticated Double Extension Arbitrary File UploadEPSS 0.7%CVE-2024-3129MEDIUMSourceCodester Image Accordion Gallery App add-image.php unrestricted uploadEPSS 0.7%CVE-2023-26690HIGHFile Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in tEPSS 0.7%CVE-2023-47711LOWIBM Security Guardium denial of serviceEPSS 0.7%CVE-2025-0582MEDIUMitsourcecode Farm Management System add-pig.php unrestricted uploadEPSS 0.7%CVE-2024-56050CRITICALWordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ Arbitrary File Upload vulnerabilityEPSS 0.7%CVE-2024-56052CRITICALWordPress WPLMS plugin < 1.9.9.5.2 - Student+ Arbitrary File Upload vulnerabilityEPSS 0.7%CVE-2025-69906HIGHMonstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based fiEPSS 0.7%CVE-2023-52154HIGHFile Upload vulnerability in pmb/camera_upload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTEPSS 0.7%CVE-2024-11391HIGHAdvanced File Manager <= 5.2.10 - Authenticated (Subscriber+) Arbitrary File UploadEPSS 0.7%CVE-2024-1259MEDIUMJuanpao JPShop API AppController.php unrestricted uploadEPSS 0.7%CVE-2025-22470CRITICALCL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. AnEPSS 0.7%CVE-2025-13543HIGHPostGallery <= 1.12.5 - Authenticated (Subscriber+) Arbitrary File UploadEPSS 0.7%