Vulnerabilities of type CWE-434
2799 results

CVE | Severity | Description | EPSS
CVE-2022-40341 | HIGH | mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a craf | EPSS 1.2%
CVE-2024-49653 | CRITICAL | WordPress Portfolleo plugin <= 1.2 - Arbitrary File Upload vulnerability | EPSS 1.2%
CVE-2024-11617 | CRITICAL | Envolve Plugin <= 1.0 - Unauthenticated Arbitrary File Upload via language_file and fonts_file | EPSS 1.2%
CVE-2022-39036 | CRITICAL | FLOWRING Agentflow BPM - Arbitrary File Upload | EPSS 1.2%
CVE-2022-2268 | — | WP All Import < 3.6.8 - Admin+ Arbitrary File Upload | EPSS 1.1%
CVE-2024-1567 | HIGH | Royal Elementor Addons and Templates <= 1.3.94 - Unauthenticated Limited File Upload | EPSS 1.1%
CVE-2015-10087 | MEDIUM | UpThemes Theme DesignFolio Plus unrestricted upload | EPSS 1.1%
CVE-2023-6979 | HIGH | Customer Reviews for WooCommerce <= 5.38.9 - Authenticated (Author+) Arbitrary File Upload | EPSS 1.1%
CVE-2024-9942 | CRITICAL | WPGYM <= 67.1.0 - Unauthenticated Arbitrary File Upload | EPSS 1.1%
CVE-2023-27168 | CRITICAL | An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp fi | EPSS 1.1%
CVE-2012-10026 | CRITICAL | WordPress Plugin Asset-Manager <= 2.0 PHP File Upload | EPSS 1.1%
CVE-2009-20006 | CRITICAL | osCommerce <= 2.2 Admin File Manager Arbitrary PHP Code Execution | EPSS 1.1%
CVE-2022-45912 | HIGH | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authentic | EPSS 1.1%
CVE-2022-1837 | MEDIUM | Home Clean Services Management System unrestricted upload | EPSS 1.1%
CVE-2025-8297 | HIGH | Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin priv | EPSS 1.1%
CVE-2023-29721 | CRITICAL | SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution. | EPSS 1.1%
CVE-2024-26503 | CRITICAL | Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code v | EPSS 1.1%
CVE-2022-36431 | CRITICAL | An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary c | EPSS 1.1%
CVE-2020-6965 | — | In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X | EPSS 1.1%
CVE-2025-5058 | CRITICAL | eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_image() | EPSS 1.1%