Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.
CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".
Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability.
SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate of CVE-2020-1938
FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature.
ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpLoadAction class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22080.
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.
Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location."
Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file.
CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method.
The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code, a different vulnerability than CVE-2014-1905.
In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution.