Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-36705

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-07 Jun, 2023 | 12:43
Updated At-08 Apr, 2026 | 16:50
Rejected At-
Credits

Adning Advertising <= 1.5.5 - Arbitrary File Upload

The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:07 Jun, 2023 | 12:43
Updated At:08 Apr, 2026 | 16:50
Rejected At:
â–¼CVE Numbering Authority (CNA)
Adning Advertising <= 1.5.5 - Arbitrary File Upload

The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Affected Products
Vendor
tunafish
Product
Adning Advertising
Default Status
unaffected
Versions
Affected
  • From 0 through 1.5.5 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload of File with Dangerous Type
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Jerome Bruandet
Timeline
EventDate
Disclosed2020-07-07 00:00:00
Event: Disclosed
Date: 2020-07-07 00:00:00
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/4a263b74-e9ae-4fd2-be9b-9b8e9eee5982?source=cve
N/A
https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693
N/A
https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/
N/A
https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/
N/A
https://wpscan.com/vulnerability/e9873fe3-fc06-4a52-aa32-6922cab7830c
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/4a263b74-e9ae-4fd2-be9b-9b8e9eee5982?source=cve
Resource: N/A
Hyperlink: https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693
Resource: N/A
Hyperlink: https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/
Resource: N/A
Hyperlink: https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/
Resource: N/A
Hyperlink: https://wpscan.com/vulnerability/e9873fe3-fc06-4a52-aa32-6922cab7830c
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/4a263b74-e9ae-4fd2-be9b-9b8e9eee5982?source=cve
x_transferred
https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693
x_transferred
https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/
x_transferred
https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/
x_transferred
https://wpscan.com/vulnerability/e9873fe3-fc06-4a52-aa32-6922cab7830c
x_transferred
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/4a263b74-e9ae-4fd2-be9b-9b8e9eee5982?source=cve
Resource:
x_transferred
Hyperlink: https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693
Resource:
x_transferred
Hyperlink: https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/
Resource:
x_transferred
Hyperlink: https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/
Resource:
x_transferred
Hyperlink: https://wpscan.com/vulnerability/e9873fe3-fc06-4a52-aa32-6922cab7830c
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:07 Jun, 2023 | 13:15
Updated At:08 Apr, 2026 | 18:17

The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches

tunasite
tunasite
>>adning_advertising>>Versions before 1.5.6(exclusive)
cpe:2.3:a:tunasite:adning_advertising:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-434Primarysecurity@wordfence.com
CWE ID: CWE-434
Type: Primary
Source: security@wordfence.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/security@wordfence.com
Third Party Advisory
https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693security@wordfence.com
Product
https://wpscan.com/vulnerability/e9873fe3-fc06-4a52-aa32-6922cab7830csecurity@wordfence.com
Third Party Advisory
https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/security@wordfence.com
Exploit
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/4a263b74-e9ae-4fd2-be9b-9b8e9eee5982?source=cvesecurity@wordfence.com
Third Party Advisory
https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693af854a3a-2127-422b-91ae-364da2661108
Product
https://wpscan.com/vulnerability/e9873fe3-fc06-4a52-aa32-6922cab7830caf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/4a263b74-e9ae-4fd2-be9b-9b8e9eee5982?source=cveaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/
Source: security@wordfence.com
Resource:
Third Party Advisory
Hyperlink: https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693
Source: security@wordfence.com
Resource:
Product
Hyperlink: https://wpscan.com/vulnerability/e9873fe3-fc06-4a52-aa32-6922cab7830c
Source: security@wordfence.com
Resource:
Third Party Advisory
Hyperlink: https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/
Source: security@wordfence.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/4a263b74-e9ae-4fd2-be9b-9b8e9eee5982?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory
Hyperlink: https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Product
Hyperlink: https://wpscan.com/vulnerability/e9873fe3-fc06-4a52-aa32-6922cab7830c
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/4a263b74-e9ae-4fd2-be9b-9b8e9eee5982?source=cve
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1204Records found

CVE-2020-36728
Matching Score-8
Assigner-Wordfence
ShareView Details
Matching Score-8
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-3.16% / 86.42%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 12:43
Updated-08 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adning Advertising <= 1.5.5 - Unauthenticated Arbitrary File Deletion via Path Traversal

The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site.

Action-Not Available
Vendor-tunasitetunafish
Product-adning_advertisingAdning Advertising
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-11598
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.51% / 82.84%
||
7 Day CHG~0.00%
Published-06 Apr, 2020 | 21:31
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file.

Action-Not Available
Vendor-cipplannern/a
Product-cipacen/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-44849
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-46.30% / 98.67%
||
7 Day CHG~0.00%
Published-09 Sep, 2024 | 00:00
Updated-01 Jul, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.

Action-Not Available
Vendor-qualitorn/aqualitor
Product-qualitorn/aqalitor
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52677
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 45.27%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 00:00
Updated-13 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php.

Action-Not Available
Vendor-hkcmsn/ahkcms
Product-hkcmsn/ahkcms
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-20451
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.72% / 93.89%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 14:39
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authentication is required but an XML file containing credentials can be downloaded.)

Action-Not Available
Vendor-n/aSamsung
Product-prismview_system_9prismview_player_11n/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-7852
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 27.80%
||
7 Day CHG~0.00%
Published-11 Jun, 2026 | 11:36
Updated-11 Jun, 2026 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted File Upload in Limatek's LimRAD NAC

Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects LimRAD NAC: before 5.5.7.3.9.

Action-Not Available
Vendor-Limatek System Inc.
Product-LimRAD NAC
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-19634
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.15% / 89.64%
||
7 Day CHG~0.00%
Published-17 Dec, 2019 | 17:11
Updated-26 Jun, 2026 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.

Action-Not Available
Vendor-verot_projectjoomlaworksn/a
Product-verotk2n/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-19595
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.00% / 89.28%
||
7 Day CHG~0.00%
Published-05 Dec, 2019 | 15:25
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.

Action-Not Available
Vendor-n/aAdobe Inc.PrestaShop S.A
Product-stock_api_integrationprestashopn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-5746
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 45.01%
||
7 Day CHG~0.00%
Published-02 Jul, 2025 | 03:47
Updated-08 Apr, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Drag and Drop Multiple File Upload (Pro) - WooCommerce <= 1.7.1 and 5.0 - 5.0.5 - Unauthenticated Arbitrary File Upload

The Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dnd_upload_cf7_upload_chunks() function in version 5.0 - 5.0.5 (when bundled with the PrintSpace theme) and all versions up to, and including, 1.7.1 (in the standalone version). This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The execution of PHP is disabled via a .htaccess file but is still possible in certain server configurations. CVE-2025-49885 may be a duplicate of this.

Action-Not Available
Vendor-CodeDropz
Product-Drag and Drop Multiple File Upload (Pro) - WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-22151
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 70.26%
||
7 Day CHG+0.29%
Published-03 Jul, 2023 | 00:00
Updated-25 Nov, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.

Action-Not Available
Vendor-thedaylightstudion/a
Product-fuel_cmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-42777
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 49.96%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 00:00
Updated-23 Aug, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file.

Action-Not Available
Vendor-lopalopan/aKashipara Group
Product-music_management_systemn/amusic_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-54414
Matching Score-4
Assigner-309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c
ShareView Details
Matching Score-4
Assigner-309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c
CVSS Score-9.3||CRITICAL
EPSS-0.72% / 49.42%
||
7 Day CHG~0.00%
Published-19 Jun, 2026 | 05:41
Updated-22 Jun, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FileRise shared-folder upload path traversal allows arbitrary file write and admin takeover

FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint (/api/folder/uploadToSharedFolder.php), leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename() and REGEX_FILE_NAME, which permit URL-encoded sequences (the regex blocks / and \ but not %). The raw filename is then passed to UploadModel::handleUpload, where it is reconstructed as trim(urldecode(basename($fileName))), re-introducing path separators after validation (e.g. ..%2fusers%2fusers.txt becomes ../users/users.txt). UploadNamePolicy::isAllowedForWrite() applies basename() internally and therefore only evaluates the final component (users.txt), allowing the traversal sequence to pass the extension policy. The destination path is then used directly in move_uploaded_file() with no realpath containment check, allowing a write outside the intended upload directory. An attacker who possesses a valid, non-expired, upload-enabled shared-folder link/token (which are designed to be shared publicly) can overwrite users/users.txt to create an administrator account, resulting in unauthenticated admin takeover and, depending on configuration, remote code execution. Exploitation requires possession of a valid, non-expired, upload-enabled shared-folder link/token. This issue is fixed in 3.16.0, which URL-decodes before validation and rejects any path separators in the upload filename.

Action-Not Available
Vendor-error311
Product-FileRise
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-28023
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.31% / 67.17%
||
7 Day CHG~0.00%
Published-08 Nov, 2021 | 14:28
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths.

Action-Not Available
Vendor-servicetonicn/a
Product-servicetonicn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-57460
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 30.49%
||
7 Day CHG~0.00%
Published-29 Dec, 2025 | 00:00
Updated-31 Dec, 2025 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

File upload vulnerability in machsol machpanel 8.0.32 allows attacker to gain a webshell.

Action-Not Available
Vendor-machsoln/a
Product-machpaneln/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2016-6918
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-1.92% / 77.40%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 16:32
Updated-06 Aug, 2024 | 01:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. (

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-markvision_enterprisen/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-55251
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-3.1||LOW
EPSS-0.18% / 7.38%
||
7 Day CHG~0.00%
Published-19 Jan, 2026 | 17:39
Updated-25 Apr, 2026 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL AION is affected by an Unrestricted File Upload vulnerability

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-aionAION
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-54944
Matching Score-4
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Matching Score-4
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-6.9||MEDIUM
EPSS-0.64% / 46.43%
||
7 Day CHG~0.00%
Published-30 Aug, 2025 | 03:45
Updated-30 Jan, 2026 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type

An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.

Action-Not Available
Vendor-sun.netSUNNET Technology Co., Ltd.
Product-ehrd_ctmsCorporate Training Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-53787
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-4.59% / 90.50%
||
7 Day CHG+0.90%
Published-12 Jun, 2026 | 13:52
Updated-13 Jun, 2026 | 03:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload

Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without authentication, session validation, or cart context. Attackers can upload PHP files to achieve remote code execution on servers where the media directory permits PHP execution, or alternatively enable malware hosting, stored cross-site scripting via HTML or SVG uploads, and path traversal to write files outside the intended upload directory.

Action-Not Available
Vendor-Amasty
Product-Order Attributes for Magento 2
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-50873
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 35.39%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 00:00
Updated-16 Jun, 2026 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-55267
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-5.7||MEDIUM
EPSS-0.29% / 21.26%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 13:01
Updated-26 Mar, 2026 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability

HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining full control over the server.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-aftermarket_cloudAftermarket DPC
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-55835
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 62.33%
||
7 Day CHG~0.00%
Published-12 Sep, 2025 | 00:00
Updated-05 Jul, 2026 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

File Upload vulnerability in SueamCMS v.0.1.2 allows a remote attacker to execute arbitrary code via the lack of filtering.

Action-Not Available
Vendor-sueamcms_projectn/a
Product-sueamcmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-54440
Matching Score-4
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-4
Assigner-Samsung TV & Appliance
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 39.24%
||
7 Day CHG~0.00%
Published-23 Jul, 2025 | 05:33
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-magicinfo_9_serverMagicINFO 9 Server
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-54442
Matching Score-4
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-4
Assigner-Samsung TV & Appliance
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 37.50%
||
7 Day CHG~0.00%
Published-23 Jul, 2025 | 05:34
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-magicinfo_9_serverMagicINFO 9 Server
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-54449
Matching Score-4
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-4
Assigner-Samsung TV & Appliance
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 44.85%
||
7 Day CHG~0.00%
Published-23 Jul, 2025 | 05:27
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-magicinfo_9_serverMagicINFO 9 Server
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2014-8516
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-81.68% / 99.60%
||
7 Day CHG~0.00%
Published-03 Jan, 2020 | 20:08
Updated-06 Aug, 2024 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.

Action-Not Available
Vendor-cloudfastpathn/a
Product-netcharts_servern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-54448
Matching Score-4
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-4
Assigner-Samsung TV & Appliance
CVSS Score-9.8||CRITICAL
EPSS-0.60% / 44.26%
||
7 Day CHG~0.00%
Published-23 Jul, 2025 | 05:31
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

Action-Not Available
Vendor-Samsung Electronics
Product-MagicINFO 9 Server
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-16700
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.53% / 82.98%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:37
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files.

Action-Not Available
Vendor-slub-dresdenn/a
Product-slub_eventsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-2068
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-39.62% / 98.44%
||
7 Day CHG~0.00%
Published-27 Jun, 2023 | 13:17
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.

Action-Not Available
Vendor-advancedfilemanagerUnknown
Product-file_manager_advanced_shortcodefile-manager-advanced-shortcode
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-36097
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 54.46%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 00:00
Updated-02 Dec, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install.

Action-Not Available
Vendor-funadminn/a
Product-funadminn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-48908
Matching Score-4
Assigner-Joomla! Project
ShareView Details
Matching Score-4
Assigner-Joomla! Project
CVSS Score-10||CRITICAL
EPSS-0.73% / 49.93%
||
7 Day CHG-0.05%
Published-20 Jun, 2026 | 11:57
Updated-30 Jun, 2026 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.

Action-Not Available
Vendor-ollyojoomshaper.net
Product-sp_page_builderSP Page Builder extension for Joomla
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-4885
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.95% / 57.04%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 06:46
Updated-19 May, 2026 | 12:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, and exe extensions, while allowing dangerous extensions such as .phar or .phtml to be uploaded. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The exploit can only be exploited if a file field is added to the form.

Action-Not Available
Vendor-Piotnet
Product-Piotnet Addons For Elementor Pro
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-48939
Matching Score-4
Assigner-Joomla! Project
ShareView Details
Matching Score-4
Assigner-Joomla! Project
CVSS Score-10||CRITICAL
EPSS-0.52% / 40.48%
||
7 Day CHG+0.04%
Published-20 Jun, 2026 | 11:56
Updated-03 Jul, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.

Action-Not Available
Vendor-joomlicicagenda.com
Product-icagendaiCagenda extension for Joomla
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-4809
Matching Score-4
Assigner-309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c
ShareView Details
Matching Score-4
Assigner-309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c
CVSS Score-9.3||CRITICAL
EPSS-1.28% / 66.50%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 11:03
Updated-19 May, 2026 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsafe Client MIME Type Handling Can Enable Arbitrary File Upload in plank/laravel-mediable

plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling. In that configuration, a remote attacker can submit a file containing executable PHP code while declaring a benign image MIME type, resulting in arbitrary file upload. If the uploaded file is stored in a web-accessible and executable location, this may lead to remote code execution. At the time of publication, no patch was available and the vendor had not responded to coordinated disclosure attempts.

Action-Not Available
Vendor-plank
Product-laravel-mediable
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-5171
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 33.44%
||
7 Day CHG~0.00%
Published-26 May, 2025 | 05:31
Updated-03 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
llisoft MTA Maita Training System OpenController.java this.fileService.download unrestricted upload

A vulnerability, which was classified as critical, has been found in llisoft MTA Maita Training System 4.5. This issue affects the function this.fileService.download of the file com\llisoft\controller\OpenController.java. The manipulation of the argument url leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-llisoftllisoft
Product-mta_maita_training_systemMTA Maita Training System
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-52353
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 44.73%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 00:00
Updated-09 Sep, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the server executes the PHP payload, enabling an attacker to run arbitrary system commands and achieve full compromise of the underlying host. This has been demonstrated by embedding a backdoor within a PDF and renaming it with a .php extension.

Action-Not Available
Vendor-uatechn/a
Product-badason/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-5162
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 25.99%
||
7 Day CHG~0.00%
Published-26 May, 2025 | 01:00
Updated-03 Jun, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C SecCenter SMP-E1114P02 importFile unrestricted upload

A vulnerability, which was classified as critical, has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this issue is some unknown functionality of the file /safeEvent/importFile/. The manipulation of the argument logGeneralFile/logGeneralFile_2 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-seccenter_smp-1114p02SecCenter SMP-E1114P02
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-5108
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 26.44%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:31
Updated-02 Jul, 2025 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
zongzhige ShopXO ZIP File Payment.php Upload unrestricted upload

A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-shopxozongzhige
Product-shopxoShopXO
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-4882
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.65% / 46.79%
||
7 Day CHG~0.00%
Published-02 May, 2026 | 04:27
Updated-05 May, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload

The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The vulnerability can only be exploited if a "Profile Picture" field is added to the form.

Action-Not Available
Vendor-WPEverest
Product-User Registration Advanced Fields
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-4883
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.81% / 52.46%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 11:18
Updated-19 May, 2026 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, and exe extensions, while allowing dangerous extensions such as .phar or .phtml to be uploaded. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The exploit can only be exploited if a file field is added to the form.

Action-Not Available
Vendor-Piotnet
Product-Piotnet Forms
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-5178
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 34.14%
||
7 Day CHG~0.00%
Published-26 May, 2025 | 09:00
Updated-03 Jun, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Realce Tecnologia Queue Ticket Kiosk Image File ajax.php unrestricted upload

A vulnerability classified as critical has been found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Affected is an unknown function of the file /adm/ajax.php of the component Image File Handler. The manipulation of the argument files[] leads to unrestricted upload. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-realcetecnologiaRealce Tecnologia
Product-queue_ticket_kioskQueue Ticket Kiosk
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-52239
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 38.15%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 00:00
Updated-05 Jul, 2026 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file.

Action-Not Available
Vendor-zkean/a
Product-zkeacmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-51511
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 24.65%
||
7 Day CHG~0.00%
Published-23 Dec, 2025 | 00:00
Updated-06 Jan, 2026 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads.

Action-Not Available
Vendor-cadmium-cmsn/a
Product-cadmium_cmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-2071
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-9.8||CRITICAL
EPSS-10.97% / 95.35%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 13:12
Updated-25 Sep, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FactoryTalk View Machine Edition Vulnerable to Remote Code Execution

Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets.  The device has the functionality, through a CIP class, to execute exported functions from libraries.  There is a routine that restricts it to execute specific functions from two dynamic link library files.  By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-panelview_plusfactorytalk_viewFa
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-40625
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.3||CRITICAL
EPSS-0.59% / 43.85%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 10:43
Updated-13 May, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities in TCMAN's GIM

Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to upload any file within the server, even a malicious file to obtain a Remote Code Execution (RCE).

Action-Not Available
Vendor-tcmanTCMAN
Product-gimGIM
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-42180
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-1.6||LOW
EPSS-0.25% / 16.00%
||
7 Day CHG~0.00%
Published-12 Jan, 2025 | 21:53
Updated-16 May, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL MyXalytics is affected by a malicious file upload vulnerability

HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-dryice_myxalyticsDRYiCE MyXalytics
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-48471
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7||HIGH
EPSS-0.96% / 57.17%
||
7 Day CHG~0.00%
Published-29 May, 2025 | 15:17
Updated-10 Jun, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeScout Vulnerable to Arbitrary File Upload

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of files uploaded to the application. This allows files to be uploaded with the phtml and phar extensions, which can lead to remote code execution if the Apache web server is used. This issue has been patched in version 1.8.179.

Action-Not Available
Vendor-freescoutfreescout-help-desk
Product-freescoutfreescout
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-47787
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.9||HIGH
EPSS-0.62% / 45.16%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 19:27
Updated-01 Jul, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Emlog Pro Contains a File Upload Vulnerability

Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store.php component contains a critical security flaw where it fails to properly validate the contents of remotely downloaded ZIP plugin files. This insufficient validation allows attackers to execute arbitrary code on the vulnerable system. Version 2.5.10 contains a patch for the issue.

Action-Not Available
Vendor-emlogemlog
Product-emlogemlog
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-1558
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.73% / 49.62%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 11:00
Updated-02 Aug, 2024 | 05:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple and Beautiful Shopping Cart System uploadera.php unrestricted upload

A vulnerability classified as critical has been found in Simple and Beautiful Shopping Cart System 1.0. This affects an unknown part of the file uploadera.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223551.

Action-Not Available
Vendor-simple_and_beautiful_shopping_cart_system_projectn/a
Product-simple_and_beautiful_shopping_cart_systemSimple and Beautiful Shopping Cart System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-1391
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.70% / 48.84%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 14:21
Updated-02 Aug, 2024 | 05:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Tours & Travels Management System ab.php unrestricted upload

A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/ab.php. The manipulation of the argument img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222978 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-online_tours_\&_travels_management_systemOnline Tours & Travels Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-48782
Matching Score-4
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Matching Score-4
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-9.9||CRITICAL
EPSS-0.44% / 35.39%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 09:24
Updated-04 Feb, 2026 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Soar Cloud HRD Human Resource Management System - Unrestricted Upload of File with Dangerous Type

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file.

Action-Not Available
Vendor-scshrSoar Cloud System CO., LTD.
Product-hr_portalHRD Human Resource Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 24
  • 25
  • Next
Details not found