Falhas do tipo CWE-434
2.795 resultadosCVE-2024-32880CRITICALpyLoad allows upload to arbitrary folder lead to RCEEPSS 1.3%CVE-2023-38887HIGHFile Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive inEPSS 1.3%CVE-2024-11311CRITICALTRCore DVC - Arbitrary File Upload through Path TraversalEPSS 1.3%CVE-2024-11315CRITICALTRCore DVC - Arbitrary File Upload through Path TraversalEPSS 1.3%CVE-2024-11313CRITICALTRCore DVC - Arbitrary File Upload through Path TraversalEPSS 1.3%CVE-2024-11312CRITICALTRCore DVC - Arbitrary File Upload through Path TraversalEPSS 1.3%CVE-2024-11314CRITICALTRCore DVC - Arbitrary File Upload through Path TraversalEPSS 1.3%CVE-2024-10578HIGHPubnews <= 1.0.7 - Authenticated (Subscriber+) Arbitrary Plugin InstallationEPSS 1.3%CVE-2022-40087CRITICALSimple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). This vulneEPSS 1.3%CVE-2022-41437HIGHBilling System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProducEPSS 1.3%CVE-2020-20718CRITICALFile Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to tEPSS 1.3%CVE-2020-21489CRITICALFile Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2FupdEPSS 1.3%CVE-2020-21174CRITICALFile Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.EPSS 1.3%CVE-2023-3295HIGHUnlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File UploadEPSS 1.3%CVE-2022-45802CRITICALApache StreamPark (incubating): Upload any file to any directoryEPSS 1.3%CVE-2019-10935—A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.EPSS 1.3%CVE-2024-6823HIGHMedia Library Assistant <= 3.18 - Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX ActionEPSS 1.3%CVE-2021-28998HIGHFile upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar fileEPSS 1.3%CVE-2024-8958HIGHUnrestricted File Write and Read in composiohq/composioEPSS 1.3%CVE-2021-27489—ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file couEPSS 1.3%