Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-41735

Summary
Assigner-CERTVDE
Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c
Published At-18 Nov, 2025 | 10:18
Updated At-18 Nov, 2025 | 20:58
Rejected At-
Credits

Possible arbitrary file upload

A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CERTVDE
Assigner Org ID:270ccfa6-a436-4e77-922e-914ec3a9685c
Published At:18 Nov, 2025 | 10:18
Updated At:18 Nov, 2025 | 20:58
Rejected At:
▼CVE Numbering Authority (CNA)
Possible arbitrary file upload

A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.

Affected Products
Vendor
METZ CONNECT
Product
Energy-Controlling EWIO2-M
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 2.2.0 (semver)
Vendor
METZ CONNECT
Product
Energy-Controlling EWIO2-M-BM
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 2.2.0 (semver)
Vendor
METZ CONNECT
Product
Ethernet-IO EWIO2-BM
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 2.2.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload of File with Dangerous Type
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Noam Moshe from Claroty Team82
finder
Tomer Goldschmidt from Claroty Team82
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://certvde.com/de/advisories/VDE-2025-097
N/A
Hyperlink: https://certvde.com/de/advisories/VDE-2025-097
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:info@cert.vde.com
Published At:18 Nov, 2025 | 11:15
Updated At:21 Nov, 2025 | 19:15

A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches

metz-connect
metz-connect
>>ewio2-m_firmware>>Versions before 2.2.0(exclusive)
cpe:2.3:o:metz-connect:ewio2-m_firmware:*:*:*:*:*:*:*:*
metz-connect
metz-connect
>>ewio2-m>>-
cpe:2.3:h:metz-connect:ewio2-m:-:*:*:*:*:*:*:*
metz-connect
metz-connect
>>ewio2-m-bm_firmware>>Versions before 2.2.0(exclusive)
cpe:2.3:o:metz-connect:ewio2-m-bm_firmware:*:*:*:*:*:*:*:*
metz-connect
metz-connect
>>ewio2-m-bm>>-
cpe:2.3:h:metz-connect:ewio2-m-bm:-:*:*:*:*:*:*:*
metz-connect
metz-connect
>>ewio2-bm_firmware>>Versions before 2.2.0(exclusive)
cpe:2.3:o:metz-connect:ewio2-bm_firmware:*:*:*:*:*:*:*:*
metz-connect
metz-connect
>>ewio2-bm>>-
cpe:2.3:h:metz-connect:ewio2-bm:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Primaryinfo@cert.vde.com
CWE ID: CWE-434
Type: Primary
Source: info@cert.vde.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://certvde.com/de/advisories/VDE-2025-097info@cert.vde.com
Third Party Advisory
Hyperlink: https://certvde.com/de/advisories/VDE-2025-097
Source: info@cert.vde.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

892Records found

CVE-2025-41736
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.63% / 45.81%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 10:18
Updated-21 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible arbitrary code execution

A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution.

Action-Not Available
Vendor-metz-connectMETZ CONNECT
Product-ewio2-m-bm_firmwareewio2-m_firmwareewio2-mewio2-bmewio2-m-bmewio2-bm_firmwareEnergy-Controlling EWIO2-M-BMEnergy-Controlling EWIO2-MEthernet-IO EWIO2-BM
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-35
Path Traversal: '.../...//'
CVE-2023-4817
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.2||HIGH
EPSS-0.62% / 45.44%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 15:03
Updated-19 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted file upload vulnerability in ICP DAS ET-7060

This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device.

Action-Not Available
Vendor-icpdasICP DAS
Product-et-7060et-7060_firmwareET-7060
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-9860
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.58% / 43.31%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 04:31
Updated-18 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Offload, AI & Optimize with Cloudflare Images <= 1.10.2 - Authenticated (Author+) Remote Code Execution via 'api-key' / 'account-id' Parameters in cf_images_do_setup AJAX Action

The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter parameter. This is due to insufficient privilege enforcement on the cf_images_do_setup AJAX handler, which requires only the upload_files capability (Author+) rather than manage_options before writing to wp-config.php, combined with the absence of single-quote escaping — sanitize_text_field() does not strip single quotes, and filter_input(INPUT_POST) bypasses wp_magic_quotes() slashing — allowing a single quote in the account-id or api-key parameter to break out of the single-quoted PHP string literal in the write_config() define() statement. This makes it possible for authenticated attackers, with author-level access and above, to execute code on the server. This is possible because the 'cf-images-nonce' nonce required by the AJAX handler is exposed to all Author-level and above users on wp-admin/upload.php via the CFImages JavaScript object, meaning any upload-capable user can satisfy the nonce check and reach the vulnerable wp-config.php write path.

Action-Not Available
Vendor-vanyukov
Product-Offload, AI & Optimize with Cloudflare Images
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-9009
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.45% / 35.79%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 05:30
Updated-28 May, 2026 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crawlomatic Multipage Scraper Post Generator <= 2.7.2 - Authenticated (Author+) Remote Code Execution via 'callback_raw' Shortcode Attribute

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filter_content function. This is due to passing the attacker-supplied 'callback_raw' shortcode attribute directly into call_user_func() with no sanitization or allowlist validation, relying solely on an is_callable() check that permits dangerous PHP built-ins such as system, shell_exec, exec, passthru, and assert. This makes it possible for authenticated attackers, with author-level access and above, to execute code on the server. An identical sink exists for the 'callback' attribute, providing a second independent vector through the same shortcode.

Action-Not Available
Vendor-CodeRevolution
Product-Crawlomatic Multipage Scraper Post Generator
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-47706
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.84% / 53.44%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 00:59
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium Key Lifecycle Manager file upload

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixsecurity_guardium_key_lifecycle_managerwindowslinux_kernelSecurity Guardium Key Lifecycle Manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-26578
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-8.8||HIGH
EPSS-1.46% / 70.44%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 09:43
Updated-10 Sep, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Upload to Web Root In IDAttend’s IDWeb Application

Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server.

Action-Not Available
Vendor-idattendIDAttend Pty Ltd
Product-idwebIDWeb
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-23814
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-6.7||MEDIUM
EPSS-1.82% / 76.13%
||
7 Day CHG~0.00%
Published-17 Dec, 2021 | 20:00
Updated-17 Jun, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: 1. Install a package with a web Laravel application. 2. Navigate to the Upload window 3. Upload an image file, then capture the request 4. Edit the request contents with a malicious file (webshell) 5. Enter the path of file uploaded on URL - Remote Code Execution **Note:** Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). Corresponding document can be found in [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories).

Action-Not Available
Vendor-unisharpn/a
Product-laravel-filemanagerunisharp/laravel-filemanager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-22858
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.8||HIGH
EPSS-1.19% / 64.23%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 10:45
Updated-17 Sep, 2024 | 01:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ChanGate EnterPrise Co., Ltd property management system - Broken Authentication

Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions.

Action-Not Available
Vendor-changjia_property_management_system_projectChanGate EnterPrise Co., Ltd
Product-changjia_property_management_systemproperty management system
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-5247
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-26.92% / 97.79%
||
7 Day CHG~0.00%
Published-23 May, 2024 | 22:07
Updated-11 Feb, 2025 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability

NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22923.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-prosafe_network_management_systemProSAFE Network Management Systemprosafe_network_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-9227
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.66% / 47.01%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 06:45
Updated-28 May, 2026 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GutenBee <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload via wp_check_filetype_and_ext Filter

The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a flawed strpos() substring check that only verifies whether the filename contains the string '.json' rather than confirming the filename ends with a .json extension, allowing double-extension filenames like shell.json.php to bypass validation. This makes it possible for authenticated attackers, with author-level access and above, to upload files that may be executable, which makes remote code execution possible.

Action-Not Available
Vendor-cssigniterteam
Product-GutenBee – Gutenberg Blocks
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-20131
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-16.04% / 96.52%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 17:30
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusManageEngine ADManager Plus Build 7111
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-24269
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.11% / 61.93%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 00:00
Updated-30 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file.

Action-Not Available
Vendor-textpatternn/a
Product-textpatternn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-8639
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-15.86% / 96.48%
||
7 Day CHG~0.00%
Published-03 Apr, 2020 | 18:36
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application.

Action-Not Available
Vendor-testlinkn/a
Product-testlinkn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-25134
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.36% / 87.25%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 14:19
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php.

Action-Not Available
Vendor-observiumn/a
Product-observiumn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-23328
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.10% / 61.58%
||
7 Day CHG~0.00%
Published-10 Mar, 2023 | 00:00
Updated-04 Mar, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.

Action-Not Available
Vendor-avantfaxn/a
Product-avantfaxn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-6692
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.81% / 52.59%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 04:27
Updated-07 May, 2026 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Slider Revolution 7.0.0 - 7.0.10 - Authenticated (Subscriber+) Arbitrary File Upload via _get_media_url

The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' function. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files that may be executable, which makes remote code execution possible. The vulnerability was partially patched in version 7.0.10 and fully patched in version 7.0.11.

Action-Not Available
Vendor-Revolution Slider
Product-Slider Revolution
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-6518
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.87% / 54.29%
||
7 Day CHG~0.00%
Published-18 Apr, 2026 | 03:37
Updated-22 Apr, 2026 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.16 - Missing Authorization to Authenticated (Administrator+) Arbitrary File Upload and Remote Code Execution

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the `cmp_theme_update_install` AJAX action. This is due to the function only checking for the `publish_pages` capability (available to Editors and above) instead of `manage_options` (Administrators only), combined with a lack of proper validation on the user-supplied file URL and no verification of the downloaded file's content before extraction. This makes it possible for authenticated attackers, with Administrator-level access and above, to force the server to download and extract a malicious ZIP file from a remote attacker-controlled URL into a web-accessible directory (`wp-content/plugins/cmp-premium-themes/`), resulting in remote code execution. Due to the lack of a nonce for Editors, they are unable to exploit this vulnerability.

Action-Not Available
Vendor-niteo
Product-CMP – Coming Soon & Maintenance Plugin by NiteoThemes
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-7998
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.50% / 71.17%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 04:36
Updated-04 Aug, 2024 | 09:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service.

Action-Not Available
Vendor-super_file_explorer_projectn/a
Product-super_file_explorern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-6249
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.62% / 45.51%
||
7 Day CHG~0.00%
Published-20 Apr, 2026 | 19:57
Updated-25 May, 2026 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vvveb CMS 1.0.8.2 Remote Code Execution via Media Upload

Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and upload malicious files to the publicly accessible media directory, then request the file over HTTP to achieve full server compromise.

Action-Not Available
Vendor-Vvveb
Product-Vvveb CMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-7246
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-83.23% / 99.64%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 13:02
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.

Action-Not Available
Vendor-qdpmn/a
Product-qdpmn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-58745
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.70% / 48.81%
||
7 Day CHG~0.00%
Published-08 Sep, 2025 | 22:40
Updated-17 Sep, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WeGIA has a bypass for the fix for CVE-2025-22133 - Arbitrary File Upload leads to Remote Code Execution (RCE)

WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. The WeGIA only check MIME types for Excel files at endpoint `/html/socio/sistema/controller/controla_xlsx.php`, which can be bypassed by using magic bytes of Excel file in a PHP file. As a result, attacker can upload webshell to the server for remote code execution. Version 3.4.11 contains an updated fix.

Action-Not Available
Vendor-wegiaLabRedesCefetRJ
Product-wegiaWeGIA
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-12980
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-30.14% / 97.99%
||
7 Day CHG~0.00%
Published-12 Jul, 2018 | 18:00
Updated-05 Aug, 2024 | 08:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.

Action-Not Available
Vendor-wagon/a
Product-762-3001_firmware762-3002_firmware762-3000_firmware762-3003_firmware762-3002762-3001762-3003762-3000n/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-23630
Matching Score-4
Assigner-Exodus Intelligence
ShareView Details
Matching Score-4
Assigner-Exodus Intelligence
CVSS Score-9||CRITICAL
EPSS-1.48% / 70.76%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:41
Updated-17 Jun, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Motorola MR2600 Arbitrary Firmware Upload Vulnerability

An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, however can be bypassed.

Action-Not Available
Vendor-Motorola Mobility LLC. (Lenovo Group Limited)
Product-mr2600mr2600_firmwareMR2600
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-25145
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.23% / 86.75%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 17:42
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=ports&view=../ URIs because of device/port.inc.php.

Action-Not Available
Vendor-observiumn/a
Product-observiumn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-47621
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-1.02% / 59.27%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 20:02
Updated-03 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote code execution via file uploads in guest-entries

Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site. In affected versions the file uploads feature did not prevent the upload of PHP files. This may lead to code execution on the server by authenticated users. This vulnerability is fixed in v3.1.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-duncanmccleanduncanmccleanduncanmcclean
Product-guest_entriesguest-entriesguest_entries
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-48217
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-1.10% / 61.74%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 21:38
Updated-30 Aug, 2024 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote code execution via form uploads in statamic/cms

Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fields in the control panel. Malicious users could leverage this vulnerability to upload and execute code. This issue has been patched in versions 3.4.14 and 4.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-statamicstatamicstatamic
Product-statamiccmscms
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-46815
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.55% / 42.11%
||
7 Day CHG~0.00%
Published-27 Oct, 2023 | 00:00
Updated-09 Sep, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this.

Action-Not Available
Vendor-n/aSugarCRM Inc.
Product-sugarcrmn/asugarcrm
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-5831
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.63% / 45.69%
||
7 Day CHG~0.00%
Published-25 Jul, 2025 | 06:43
Updated-08 Apr, 2026 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Droip < 2.5.2 - Authenticated (Subscriber+) Arbitrary File Upload

The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline() function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-DroipThemeum
Product-droipDroip
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-26048
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.86% / 76.71%
||
7 Day CHG+0.08%
Published-05 Oct, 2020 | 14:27
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution.

Action-Not Available
Vendor-cuppacmsn/a
Product-cuppacmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-4620
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-5.19% / 91.45%
||
7 Day CHG~0.00%
Published-22 Sep, 2020 | 13:55
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 184979.

Action-Not Available
Vendor-IBM Corporation
Product-data_risk_managerData Risk Manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-45595
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.42% / 34.09%
||
7 Day CHG~0.00%
Published-05 Mar, 2024 | 11:29
Updated-11 Apr, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “file_configuration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

Action-Not Available
Vendor-ailuxAiLuxailux
Product-imx6imx6 bundleimx6_bundle
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-5846
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.40% / 69.17%
||
7 Day CHG~0.00%
Published-06 Jan, 2020 | 20:11
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full system access as the configured user (e.g., Administrator) when starting from any authenticated session (e.g., a trial account). This is fixed in the 83/830122/cbs-*-hotfix-task26000 builds.

Action-Not Available
Vendor-ahsayn/a
Product-cloud_backup_suiten/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-46428
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.98% / 57.91%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 00:00
Updated-12 Sep, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file.

Action-Not Available
Vendor-hadskyn/a
Product-hadskyn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-5256
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.9||HIGH
EPSS-1.95% / 77.82%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 15:50
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution Through Image Uploads in BookStack

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability.

Action-Not Available
Vendor-bookstackappBookStackApp
Product-bookstackBookStack
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-46149
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.58% / 43.63%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 18:33
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5.

Action-Not Available
Vendor-themifyThemify
Product-ultraThemify Ultra
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-58159
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.69% / 48.20%
||
7 Day CHG~0.00%
Published-29 Aug, 2025 | 22:15
Updated-24 Sep, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WeGIA Authenticated Arbitrary File Upload Leading To Remote Code Execution (RCE)

WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension. Because the uploaded file is written directly to disk without adequate sanitization or extension restrictions, a spreadsheet file followed by PHP code can be uploaded and executed on the server, leading to arbitrary code execution. This is due to insufficient mitigation of CVE-2025-22133. This issue has been patched in version 3.4.11.

Action-Not Available
Vendor-wegiaLabRedesCefetRJ
Product-wegiaWeGIA
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-45353
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.71% / 48.96%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common Management Portal web interface for Authenticated remote upload and creation of arbitrary files affecting the underlying operating system. This is also known as OCMP-6591.

Action-Not Available
Vendor-atosn/a
Product-unify_openscape_common_managementn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-37113
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.78% / 51.48%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 16:52
Updated-12 Feb, 2026 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GUnet OpenEclass 1.7.3 E-learning platform - File Upload Extension Bypass

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature.

Action-Not Available
Vendor-gunetOpeneclass
Product-open_eclass_platformGUnet OpenEclass
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-4409
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.76% / 50.88%
||
7 Day CHG~0.00%
Published-18 Aug, 2023 | 13:00
Updated-02 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NBS&HappySoftWeChat unrestricted upload

A vulnerability, which was classified as critical, has been found in NBS&HappySoftWeChat 1.1.6. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237512.

Action-Not Available
Vendor-happysoftn/a
Product-nbs\&happysoftwechatNBS&HappySoftWeChat
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-22895
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.77% / 51.02%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 00:00
Updated-05 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-36942
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.61% / 44.87%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 15:23
Updated-10 Feb, 2026 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Victor CMS 1.0 - File Upload To RCE

Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser.

Action-Not Available
Vendor-victor_cms_projectVictorAlagwu
Product-victor_cmsCMSsite
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-44061
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.24% / 65.50%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component.

Action-Not Available
Vendor-n/ahabencs
Product-simple_and_nice_shopping_cart_scriptn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-37227
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.54% / 41.52%
||
7 Day CHG~0.00%
Published-16 May, 2026 | 15:25
Updated-18 May, 2026 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to executable extensions .php to achieve remote code execution.

Action-Not Available
Vendor-Heliossolutions
Product-HS Brand Logo Slider
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-6261
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.61% / 44.94%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 11:25
Updated-05 May, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Betheme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution via Icon Pack Upload

The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the upload_icons() function workflow moving and unzipping user-controlled ZIP files into a public uploads directory without validating extracted file types. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files (including PHP) and achieve remote code execution via the Icons icon-pack upload flow.

Action-Not Available
Vendor-Muffin Group
Product-Betheme
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-37009
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.52% / 40.38%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 14:28
Updated-05 Mar, 2026 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MedDream PACS Server 6.8.3.751 - Remote Code Execution

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevated privileges.

Action-Not Available
Vendor-MedDream
Product-MedDream PACS Server
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-37073
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.47% / 37.35%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 22:01
Updated-10 Feb, 2026 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Victor CMS 1.0 - Authenticated Arbitrary File Upload

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file with a 'cmd' parameter.

Action-Not Available
Vendor-victor_cms_projectVictorAlagwu
Product-victor_cmsCMSsite
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-23180
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.92% / 55.86%
||
7 Day CHG~0.00%
Published-23 Jan, 2024 | 09:37
Updated-04 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file.

Action-Not Available
Vendor-applepleappleple inc.
Product-a-blog_cmsa-blog cms Ver.2.10.x seriesa-blog cms Ver.2.11.x seriesa-blog cms Ver.3.1.x seriesa-blog cmsa-blog cms Ver.3.0.x series
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-36863
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-1.26% / 65.96%
||
7 Day CHG+0.11%
Published-30 Oct, 2025 | 21:46
Updated-17 Nov, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nagios XI < 5.7.2 Unrestricted File Upload via Audio Import Directory

Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory and executed from that location. The upload handler did not properly restrict file types or enforce storage outside of the webroot, and the web server permitted execution within the upload directory. An authenticated attacker with access to the audio import feature could upload a crafted PHP file and then request it to achieve remote code execution with the privileges of the application service.

Action-Not Available
Vendor-Nagios Enterprises, LLC
Product-nagios_xiXI
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-36701
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-1.53% / 71.69%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 01:51
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Page Builder: KingComposer < 2.9.4 - Arbitrary File Upload

The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level permissions and above to upload arbitrary files onto the server which can be used to execute code on the server.

Action-Not Available
Vendor-king-themekingthemes
Product-page_builder_king_composerPage Builder: KingComposer – Free Drag and Drop page builder by King-Theme
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-35945
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-2.42% / 82.18%
||
7 Day CHG+0.07%
Published-01 Jan, 2021 | 03:28
Updated-04 Feb, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.

Action-Not Available
Vendor-elegantthemesn/a
Product-divi_builderextradivin/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 17
  • 18
  • Next
Details not found