The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps.

upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0

Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.

In ForestBlog, as of 2021-12-28, File upload can bypass verification.

File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload.

The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution.

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 ( and previous versions via the bot_avatar parameter in SystemSettings.php.

A File Upload vulnerability exists in Sourcecodester Student Attendance Manageent System 1.0 via the file upload functionality.

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution.

An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code.

IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.

A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell

Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary code without authentication, in order to take control of the system or terminate service.

In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution.

An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/{filename}.

A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.

Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.

Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files.

Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files.

ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.

Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters.

An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters..

The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.

Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.

SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code.

Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.

novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution.

Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.

Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/

Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.

Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files.

Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code.

Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.

A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.

Sketch before 75 allows library feeds to be used to bypass file quarantine. Files are automatically downloaded and opened, without the com.apple.quarantine extended attribute. This results in remote code execution, as demonstrated by CommandString in a terminal profile to Terminal.app.

Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.

Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.

Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.

An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app.

DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java.

SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted File Upload, that allows attackers to upload files with any file extension which can lead to arbitrary code execution.

Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.

October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.