File Upload
Monthly
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been found in linlinjava litemall up to 1.8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block allows Upload a Web Shell to a Web Server.5.5. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 32.8%.
Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Denial Of Service via File Upload (DOS) vulnerability in the Liferay Portal 7.4.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was identified in code-projects eBlog Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.2%.
A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in oitcode samarium up to 0.9.6. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.
CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.1%.
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 66.5%.
XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 66.5%.
MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.7%.
Sflog!. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.4%.
Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/upload_file.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.
In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()'. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
File upload vulnerability in Writebot AI Content Generator SaaS React Template thru 4.0.0, allowing remote attackers to gain escalated privileges via a crafted POST request to the /file-upload. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.4%.
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.3%.
An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.7%.
WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.7%.
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 66.5%.
A command injection vulnerability exists in TwistedWeb (version 14.0.0) due to improper input sanitization in the file upload functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.
The Use-your-Drive | Google Drive plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in file metadata in all versions up to, and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in Exrick xboot up to 3.3.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.7%.
/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability, which was classified as critical, was found in code-projects Kitchen Treasure 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.5%.
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 61.8%.
An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The BerqWP - Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Unrestricted HTML file upload in CS-Cart 4.18.3 enables stored cross-site scripting and phishing attacks against users of affected storefronts. An attacker who can upload files to the platform may submit a crafted HTML document subsequently served from the trusted store domain, allowing arbitrary JavaScript execution in victims' browsers or presentation of convincing fake login pages for credential harvesting. Publicly available exploit code exists on GitHub; the EPSS score of 0.22% (13th percentile) reflects low observed exploitation pressure and the vulnerability is not listed in the CISA KEV catalog.
Unrestricted file upload in Campcodes Online Hotel Reservation System 1.0 allows high-privileged authenticated administrators to upload arbitrary files via the photo parameter in /admin/edit_room.php, potentially leading to remote code execution. The vulnerability requires administrative credentials to exploit and has publicly available proof-of-concept code, but carries low real-world risk due to the high privilege requirement (PR:H) and limited confidentiality/integrity impact in the CVSS v4.0 vector.
Unrestricted file upload in OpenViglet Shio through version 0.3.8 allows authenticated remote attackers to upload arbitrary files via manipulation of the filename parameter in the ShStaticFileAPI.shStaticFileUpload function. The vulnerability requires valid authentication credentials but lacks proper input validation on uploaded filenames, enabling arbitrary file placement on the server. Publicly available exploit code exists, though EPSS score remains low at 0.11% (28th percentile), suggesting limited real-world exploitation despite public disclosure.
File upload restriction bypass in 299Ko CMS 2.0.0 allows authenticated administrators to upload arbitrary files via the /admin/filemanager/view endpoint, classified as critical but constrained by high-privilege requirement. The vulnerability stems from improper access controls in the file management component (CWE-284). While a public exploit disclosure exists, the EPSS score of 0.06% and CVSS 2.0 reflect the mitigation factor of administrator-level privileges required (PR:H), making real-world exploitation practical only against compromised or malicious admin accounts.
Unrestricted file upload in code-projects Online Ordering System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /admin/product.php, potentially enabling remote code execution. Despite a critical severity classification, the CVSS 4.0 score of 2.1 reflects low actual impact due to required authentication and limited scope. Publicly available exploit code exists; however, the 0.10% EPSS score (27th percentile) indicates minimal real-world exploitation likelihood, suggesting this is a low-priority vulnerability in practice.
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /register.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL injection in Jingmen Zeyou Large File Upload Control through version 6.3 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /index.jsp, with publicly available exploit code and vendor non-responsiveness indicating limited remediation prospects.
Unrestricted file upload in code-projects Voting System 1.0 allows authenticated remote attackers to upload arbitrary files via the photo parameter in /admin/candidates_add.php, potentially enabling remote code execution. The vulnerability requires valid administrative credentials and has been publicly disclosed with exploit code available, though real-world exploitation risk is minimal given the CVSS 2.1 score and 0.06% EPSS percentile reflecting low automatable impact and authentication barriers.
Unrestricted file upload in code-projects Document Management System 1.0 via the /insert.php endpoint allows authenticated remote attackers to upload arbitrary files by manipulating the uploaded_file parameter, potentially enabling remote code execution or data exfiltration. Publicly available exploit code exists, though EPSS score of 0.06% suggests limited real-world exploitation likelihood due to low attack impact and authenticated access requirement.
Arbitrary file upload in Themeum Droip WordPress plugin (versions up to 2.5.1) permits authenticated attackers with Subscriber-level privileges or higher to upload malicious files without file type validation in the make_google_font_offline() function, enabling remote code execution on the affected server. CVSS 8.8 severity reflects low privilege requirement (PR:L) and complete confidentiality, integrity, and availability impact. No public exploit identified at time of analysis.
Unrestricted file upload vulnerability in zhousg letao allows authenticated remote attackers to upload arbitrary files via manipulation of the pictrdtz argument in routes/bf/product.js, leading to potential code execution or system compromise. The vulnerability affects rolling-release versions up to commit 7d8df0386a65228476290949e0413de48f7fbe98, with publicly available exploit code disclosed but limited real-world exploitation risk due to CVSS 2.1 score and low EPSS (0.07%, 20th percentile), suggesting this is primarily a design flaw rather than an actively weaponized threat.
Unauthenticated remote code execution in SMG Software Information Portal versions prior to 13.06.2025 allows attackers to upload web shells and inject OS commands, achieving full server compromise with a maximum CVSS score of 10.0. The vulnerability was reported by Turkey's national CERT (USOM) and no public exploit identified at time of analysis, though the trivial attack complexity and network-accessible nature make it a critical priority for any organization running the affected product.
Arbitrary command execution in Pluck CMS 4.7.20-dev lets an authenticated administrator upload a crafted PHP file into the albums module directory and then invoke it through the routing logic in albums.site.php, passing OS commands via a GET parameter. The flaw stems from unrestricted file upload (CWE-434) combined with the module directory being directly web-accessible and PHP-executable, turning legitimate album management into a code-execution primitive. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, with a low EPSS probability of 0.51% (40th percentile).
A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /members/admin_pic.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
RuoYi versions up to 4.8.1 allow authenticated users to upload files without restriction via the CommonController.uploadFile function, enabling arbitrary file upload. The vulnerability requires valid credentials (PR:L per CVSS vector) but permits remote exploitation with low complexity. Public exploit code exists; however, EPSS score of 0.05% (15th percentile) suggests minimal real-world exploitation despite public disclosure, indicating the threat is constrained by authentication requirements or other practical barriers.
Unrestricted file upload in Codecanyon iDentSoft 2.0 Account Setting Page allows high-privileged remote attackers to upload arbitrary files via the photo parameter in /clinica/profile/updateSetting, potentially enabling code execution or system compromise. CVSS score of 2.0 reflects the requirement for high-privilege authentication, but publicly available exploit code exists and the vulnerability has been disclosed. This is primarily a privilege-escalation concern affecting administrators rather than a default-configuration flaw.
Unrestricted file upload in Metasoft MetaCRM up to version 6.4.2 allows authenticated remote attackers to upload arbitrary files via the File parameter in /business/common/sms/sendsms.jsp, potentially leading to remote code execution or data compromise. The vulnerability has a low CVSS score (2.1) due to authentication requirements and limited confidentiality impact, but publicly available exploit code exists and the vendor has not responded to early disclosure.
Unrestricted file upload in Metasoft MetaCRM up to version 6.4.2 via the mobileupload.jsp endpoint allows authenticated remote attackers to upload arbitrary files with limited integrity and confidentiality impact. The vulnerability has been publicly disclosed with exploit code available on GitHub. Despite early vendor contact, Metasoft has not provided a patch or acknowledgment, leaving deployments unpatched.
Unrestricted file upload in Metasoft MetaCRM up to version 6.4.2 allows authenticated remote attackers to upload arbitrary files via the /common/jsp/upload2.jsp endpoint, potentially enabling remote code execution or data exfiltration. The vulnerability requires valid user credentials (PR:L) but involves minimal technical complexity (AC:L). Public exploit code is available and the vendor has not responded to early disclosure notifications.
Unrestricted file upload in Metasoft MetaCRM up to version 6.4.2 allows authenticated remote attackers to upload arbitrary files via the File parameter in sendfile.jsp, potentially enabling remote code execution or data exfiltration. The vulnerability has publicly available exploit code and affects systems with basic user authentication; however, the CVSS score of 2.1 reflects limited confidentiality, integrity, and availability impact in the base score, though exploitability is marked as probable (E:P).
Unrestricted file upload in JeeSite up to version 5.12.0 allows authenticated remote attackers to upload arbitrary files via the FileUploadController, potentially leading to remote code execution or data exfiltration. The vulnerability has a publicly disclosed proof-of-concept and is classified as critical despite a low CVSS 4.0 score of 2.1, indicating that the CVSS vector (requiring authenticated access and limited scope of impact) does not fully reflect the practical severity of unrestricted file upload capabilities in a web application context.
Unrestricted file upload in code-projects Online Ordering System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /admin/edit_product.php, enabling remote code execution. The vulnerability affects the admin product editing functionality and has publicly available exploit code; however, the low CVSS score (2.1) and minimal EPSS percentile (26%) indicate limited real-world exploitation despite authenticated access requirements.
Upload of arbitrary files in Groundhogg WordPress plugin through version 4.2.1 enables attackers to upload web shells to the server, achieving remote code execution. The vulnerability stems from insufficient validation of uploaded file types, allowing an attacker to bypass file type restrictions and execute malicious code on the affected web server. This is a critical vulnerability affecting a widely-used WordPress plugin, though current EPSS scoring (0.09%) suggests low real-world exploitation probability at time of analysis.
Unrestricted file upload vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce through version 1.2.3 allows attackers to upload web shells to the server, enabling remote code execution. The plugin fails to properly validate uploaded file types, permitting dangerous executable files to be stored in web-accessible directories. No CVSS score or public exploit code has been published; however, the low EPSS score (0.11%, 29th percentile) suggests minimal exploitation probability despite the high intrinsic severity of arbitrary file upload to WordPress environments.
Unauthenticated remote code execution in HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks plugin (all versions ≤2.2.1) allows attackers to upload arbitrary files to the WordPress server. Missing file type validation in temp_file_upload() function enables unrestricted file uploads, permitting execution of malicious scripts. Critical severity (CVSS 9.8) due to network-accessible attack vector requiring no authentication or user interaction. No public exploit identified at time of analysis.
A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this issue is the function fileUpload of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file.
CVE-2025-7547 is a critical unrestricted file upload vulnerability in Campcodes Online Movie Theater Seat Reservation System version 1.0, affecting the save_movie function in /admin/admin_class.php. An unauthenticated remote attacker can manipulate the 'cover' parameter to upload arbitrary files, potentially leading to remote code execution, data compromise, and service disruption. The exploit has been publicly disclosed and may be actively exploited in the wild.
CVE-2025-7538 is a critical unrestricted file upload vulnerability in Campcodes Sales and Inventory System version 1.0, specifically in the /pages/product_update.php file's image parameter handling. An unauthenticated remote attacker can upload arbitrary files without restriction, potentially leading to remote code execution, data compromise, and system availability impact. The vulnerability has been publicly disclosed with exploit code available, making active exploitation a significant concern.
A vulnerability, which was classified as critical, was found in JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26. This affects the function SysFileController of the file /file/upload. The manipulation of the argument portraitFile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
A vulnerability, which was classified as critical, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_cars.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A security vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.
A vulnerability classified as critical has been found in code-projects Library System 1.0. This affects an unknown part of the file /user/teacher/profile.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/student/profile.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
ProcessMaker BPM platform versions prior to 3.5.4 contain an unrestricted file upload vulnerability in the plugin installation mechanism. An admin can upload a malicious .tar plugin containing arbitrary PHP code that executes during the plugin's install() method, achieving remote code execution on the workflow automation server.
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.
A vulnerability was found in code-projects/Fabian Ros Library Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/profile_update.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. This affects an unknown part of the file /admin/student_edit_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. The vulnerability occurs in the file upload UI when the same filename is uploaded twice. This issue affects Mediawiki - MsUpload extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
A vulnerability, which was classified as critical, was found in code-projects Staff Audit System 1.0. Affected is an unknown function of the file /test.php. The manipulation of the argument uploadedfile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects E-Commerce Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been identified in TIA Project-Server (All versions < V2.1.1), TIA Project-Server V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 4), Totally Integrated Automation Portal (TIA Portal) V20 (All versions < V20 Update 3). The affected application improperly handles uploaded projects in the document root. This could allow an attacker with contributor privileges to cause denial of service by uploading a malicious project.
A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/candidates_add.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been found in linlinjava litemall up to 1.8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block allows Upload a Web Shell to a Web Server.5.5. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 32.8%.
Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Denial Of Service via File Upload (DOS) vulnerability in the Liferay Portal 7.4.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was identified in code-projects eBlog Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.2%.
A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in oitcode samarium up to 0.9.6. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.
CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.1%.
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 66.5%.
XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 66.5%.
MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.7%.
Sflog!. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.4%.
Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/upload_file.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.
In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()'. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
File upload vulnerability in Writebot AI Content Generator SaaS React Template thru 4.0.0, allowing remote attackers to gain escalated privileges via a crafted POST request to the /file-upload. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.4%.
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.3%.
An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.7%.
WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.7%.
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 66.5%.
A command injection vulnerability exists in TwistedWeb (version 14.0.0) due to improper input sanitization in the file upload functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.
The Use-your-Drive | Google Drive plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in file metadata in all versions up to, and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in Exrick xboot up to 3.3.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.7%.
/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability, which was classified as critical, was found in code-projects Kitchen Treasure 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.5%.
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 61.8%.
An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The BerqWP - Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Unrestricted HTML file upload in CS-Cart 4.18.3 enables stored cross-site scripting and phishing attacks against users of affected storefronts. An attacker who can upload files to the platform may submit a crafted HTML document subsequently served from the trusted store domain, allowing arbitrary JavaScript execution in victims' browsers or presentation of convincing fake login pages for credential harvesting. Publicly available exploit code exists on GitHub; the EPSS score of 0.22% (13th percentile) reflects low observed exploitation pressure and the vulnerability is not listed in the CISA KEV catalog.
Unrestricted file upload in Campcodes Online Hotel Reservation System 1.0 allows high-privileged authenticated administrators to upload arbitrary files via the photo parameter in /admin/edit_room.php, potentially leading to remote code execution. The vulnerability requires administrative credentials to exploit and has publicly available proof-of-concept code, but carries low real-world risk due to the high privilege requirement (PR:H) and limited confidentiality/integrity impact in the CVSS v4.0 vector.
Unrestricted file upload in OpenViglet Shio through version 0.3.8 allows authenticated remote attackers to upload arbitrary files via manipulation of the filename parameter in the ShStaticFileAPI.shStaticFileUpload function. The vulnerability requires valid authentication credentials but lacks proper input validation on uploaded filenames, enabling arbitrary file placement on the server. Publicly available exploit code exists, though EPSS score remains low at 0.11% (28th percentile), suggesting limited real-world exploitation despite public disclosure.
File upload restriction bypass in 299Ko CMS 2.0.0 allows authenticated administrators to upload arbitrary files via the /admin/filemanager/view endpoint, classified as critical but constrained by high-privilege requirement. The vulnerability stems from improper access controls in the file management component (CWE-284). While a public exploit disclosure exists, the EPSS score of 0.06% and CVSS 2.0 reflect the mitigation factor of administrator-level privileges required (PR:H), making real-world exploitation practical only against compromised or malicious admin accounts.
Unrestricted file upload in code-projects Online Ordering System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /admin/product.php, potentially enabling remote code execution. Despite a critical severity classification, the CVSS 4.0 score of 2.1 reflects low actual impact due to required authentication and limited scope. Publicly available exploit code exists; however, the 0.10% EPSS score (27th percentile) indicates minimal real-world exploitation likelihood, suggesting this is a low-priority vulnerability in practice.
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /register.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL injection in Jingmen Zeyou Large File Upload Control through version 6.3 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /index.jsp, with publicly available exploit code and vendor non-responsiveness indicating limited remediation prospects.
Unrestricted file upload in code-projects Voting System 1.0 allows authenticated remote attackers to upload arbitrary files via the photo parameter in /admin/candidates_add.php, potentially enabling remote code execution. The vulnerability requires valid administrative credentials and has been publicly disclosed with exploit code available, though real-world exploitation risk is minimal given the CVSS 2.1 score and 0.06% EPSS percentile reflecting low automatable impact and authentication barriers.
Unrestricted file upload in code-projects Document Management System 1.0 via the /insert.php endpoint allows authenticated remote attackers to upload arbitrary files by manipulating the uploaded_file parameter, potentially enabling remote code execution or data exfiltration. Publicly available exploit code exists, though EPSS score of 0.06% suggests limited real-world exploitation likelihood due to low attack impact and authenticated access requirement.
Arbitrary file upload in Themeum Droip WordPress plugin (versions up to 2.5.1) permits authenticated attackers with Subscriber-level privileges or higher to upload malicious files without file type validation in the make_google_font_offline() function, enabling remote code execution on the affected server. CVSS 8.8 severity reflects low privilege requirement (PR:L) and complete confidentiality, integrity, and availability impact. No public exploit identified at time of analysis.
Unrestricted file upload vulnerability in zhousg letao allows authenticated remote attackers to upload arbitrary files via manipulation of the pictrdtz argument in routes/bf/product.js, leading to potential code execution or system compromise. The vulnerability affects rolling-release versions up to commit 7d8df0386a65228476290949e0413de48f7fbe98, with publicly available exploit code disclosed but limited real-world exploitation risk due to CVSS 2.1 score and low EPSS (0.07%, 20th percentile), suggesting this is primarily a design flaw rather than an actively weaponized threat.
Unauthenticated remote code execution in SMG Software Information Portal versions prior to 13.06.2025 allows attackers to upload web shells and inject OS commands, achieving full server compromise with a maximum CVSS score of 10.0. The vulnerability was reported by Turkey's national CERT (USOM) and no public exploit identified at time of analysis, though the trivial attack complexity and network-accessible nature make it a critical priority for any organization running the affected product.
Arbitrary command execution in Pluck CMS 4.7.20-dev lets an authenticated administrator upload a crafted PHP file into the albums module directory and then invoke it through the routing logic in albums.site.php, passing OS commands via a GET parameter. The flaw stems from unrestricted file upload (CWE-434) combined with the module directory being directly web-accessible and PHP-executable, turning legitimate album management into a code-execution primitive. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, with a low EPSS probability of 0.51% (40th percentile).
A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /members/admin_pic.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
RuoYi versions up to 4.8.1 allow authenticated users to upload files without restriction via the CommonController.uploadFile function, enabling arbitrary file upload. The vulnerability requires valid credentials (PR:L per CVSS vector) but permits remote exploitation with low complexity. Public exploit code exists; however, EPSS score of 0.05% (15th percentile) suggests minimal real-world exploitation despite public disclosure, indicating the threat is constrained by authentication requirements or other practical barriers.
Unrestricted file upload in Codecanyon iDentSoft 2.0 Account Setting Page allows high-privileged remote attackers to upload arbitrary files via the photo parameter in /clinica/profile/updateSetting, potentially enabling code execution or system compromise. CVSS score of 2.0 reflects the requirement for high-privilege authentication, but publicly available exploit code exists and the vulnerability has been disclosed. This is primarily a privilege-escalation concern affecting administrators rather than a default-configuration flaw.
Unrestricted file upload in Metasoft MetaCRM up to version 6.4.2 allows authenticated remote attackers to upload arbitrary files via the File parameter in /business/common/sms/sendsms.jsp, potentially leading to remote code execution or data compromise. The vulnerability has a low CVSS score (2.1) due to authentication requirements and limited confidentiality impact, but publicly available exploit code exists and the vendor has not responded to early disclosure.
Unrestricted file upload in Metasoft MetaCRM up to version 6.4.2 via the mobileupload.jsp endpoint allows authenticated remote attackers to upload arbitrary files with limited integrity and confidentiality impact. The vulnerability has been publicly disclosed with exploit code available on GitHub. Despite early vendor contact, Metasoft has not provided a patch or acknowledgment, leaving deployments unpatched.
Unrestricted file upload in Metasoft MetaCRM up to version 6.4.2 allows authenticated remote attackers to upload arbitrary files via the /common/jsp/upload2.jsp endpoint, potentially enabling remote code execution or data exfiltration. The vulnerability requires valid user credentials (PR:L) but involves minimal technical complexity (AC:L). Public exploit code is available and the vendor has not responded to early disclosure notifications.
Unrestricted file upload in Metasoft MetaCRM up to version 6.4.2 allows authenticated remote attackers to upload arbitrary files via the File parameter in sendfile.jsp, potentially enabling remote code execution or data exfiltration. The vulnerability has publicly available exploit code and affects systems with basic user authentication; however, the CVSS score of 2.1 reflects limited confidentiality, integrity, and availability impact in the base score, though exploitability is marked as probable (E:P).
Unrestricted file upload in JeeSite up to version 5.12.0 allows authenticated remote attackers to upload arbitrary files via the FileUploadController, potentially leading to remote code execution or data exfiltration. The vulnerability has a publicly disclosed proof-of-concept and is classified as critical despite a low CVSS 4.0 score of 2.1, indicating that the CVSS vector (requiring authenticated access and limited scope of impact) does not fully reflect the practical severity of unrestricted file upload capabilities in a web application context.
Unrestricted file upload in code-projects Online Ordering System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /admin/edit_product.php, enabling remote code execution. The vulnerability affects the admin product editing functionality and has publicly available exploit code; however, the low CVSS score (2.1) and minimal EPSS percentile (26%) indicate limited real-world exploitation despite authenticated access requirements.
Upload of arbitrary files in Groundhogg WordPress plugin through version 4.2.1 enables attackers to upload web shells to the server, achieving remote code execution. The vulnerability stems from insufficient validation of uploaded file types, allowing an attacker to bypass file type restrictions and execute malicious code on the affected web server. This is a critical vulnerability affecting a widely-used WordPress plugin, though current EPSS scoring (0.09%) suggests low real-world exploitation probability at time of analysis.
Unrestricted file upload vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce through version 1.2.3 allows attackers to upload web shells to the server, enabling remote code execution. The plugin fails to properly validate uploaded file types, permitting dangerous executable files to be stored in web-accessible directories. No CVSS score or public exploit code has been published; however, the low EPSS score (0.11%, 29th percentile) suggests minimal exploitation probability despite the high intrinsic severity of arbitrary file upload to WordPress environments.
Unauthenticated remote code execution in HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks plugin (all versions ≤2.2.1) allows attackers to upload arbitrary files to the WordPress server. Missing file type validation in temp_file_upload() function enables unrestricted file uploads, permitting execution of malicious scripts. Critical severity (CVSS 9.8) due to network-accessible attack vector requiring no authentication or user interaction. No public exploit identified at time of analysis.
A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this issue is the function fileUpload of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file.
CVE-2025-7547 is a critical unrestricted file upload vulnerability in Campcodes Online Movie Theater Seat Reservation System version 1.0, affecting the save_movie function in /admin/admin_class.php. An unauthenticated remote attacker can manipulate the 'cover' parameter to upload arbitrary files, potentially leading to remote code execution, data compromise, and service disruption. The exploit has been publicly disclosed and may be actively exploited in the wild.
CVE-2025-7538 is a critical unrestricted file upload vulnerability in Campcodes Sales and Inventory System version 1.0, specifically in the /pages/product_update.php file's image parameter handling. An unauthenticated remote attacker can upload arbitrary files without restriction, potentially leading to remote code execution, data compromise, and system availability impact. The vulnerability has been publicly disclosed with exploit code available, making active exploitation a significant concern.
A vulnerability, which was classified as critical, was found in JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26. This affects the function SysFileController of the file /file/upload. The manipulation of the argument portraitFile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
A vulnerability, which was classified as critical, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_cars.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A security vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.
A vulnerability classified as critical has been found in code-projects Library System 1.0. This affects an unknown part of the file /user/teacher/profile.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/student/profile.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
ProcessMaker BPM platform versions prior to 3.5.4 contain an unrestricted file upload vulnerability in the plugin installation mechanism. An admin can upload a malicious .tar plugin containing arbitrary PHP code that executes during the plugin's install() method, achieving remote code execution on the workflow automation server.
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.
A vulnerability was found in code-projects/Fabian Ros Library Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/profile_update.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. This affects an unknown part of the file /admin/student_edit_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. The vulnerability occurs in the file upload UI when the same filename is uploaded twice. This issue affects Mediawiki - MsUpload extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
A vulnerability, which was classified as critical, was found in code-projects Staff Audit System 1.0. Affected is an unknown function of the file /test.php. The manipulation of the argument uploadedfile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects E-Commerce Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been identified in TIA Project-Server (All versions < V2.1.1), TIA Project-Server V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 4), Totally Integrated Automation Portal (TIA Portal) V20 (All versions < V20 Update 3). The affected application improperly handles uploaded projects in the document root. This could allow an attacker with contributor privileges to cause denial of service by uploading a malicious project.
A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/candidates_add.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.