Skip to main content

File Upload

4030 CVEs technique

Monthly

CVE-2026-1445 LOW Monitor

Unrestricted file upload in iJason-Liu Books_Manager allows authenticated attackers with high privileges to upload arbitrary files via the book_cover parameter in the upload_bookCover.php controller. Public exploit code exists for this vulnerability, increasing the risk of exploitation. A patch is not currently available for this rolling-release product.

PHP Authentication Bypass File Upload
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-1424 LOW POC Monitor

Unrestricted file upload in PHPGurukul News Portal 1.0's profile picture handler allows remote attackers to upload arbitrary files with high-level privileges. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker could potentially upload malicious files to compromise the application or underlying system.

File Upload Authentication Bypass News Portal
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-1423 LOW POC Monitor

Unrestricted file upload in code-projects Online Examination System 1.0 via the /admin_pic.php endpoint allows authenticated remote attackers to upload arbitrary files with minimal complexity. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable code execution or system compromise depending on server configuration and file handling.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-69312 CRITICAL Act Now

Xpro Elementor Addons WordPress plugin has an unrestricted file upload allowing attackers to upload dangerous file types through the Elementor builder integration.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-68001 CRITICAL Act Now

g-FFL Checkout WordPress plugin has an unrestricted file upload vulnerability allowing attackers to upload web shells for remote code execution.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-50002 CRITICAL Act Now

Farost Energia WordPress plugin allows unrestricted file upload enabling attackers to upload web shells and achieve remote code execution on the WordPress server.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-10856 HIGH This Week

Solvera Software Services Trade Inc. Teknoera is affected by unrestricted upload of file with dangerous type (CVSS 8.1).

File Upload
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-1331 CRITICAL Act Now

HAMASTAR MeetingHub has an arbitrary file upload vulnerability allowing unauthenticated remote attackers to upload web shells and achieve full server compromise.

File Upload RCE Meetinghub Paperless Meetings
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24035 MEDIUM POC This Month

Horilla is a free and open source Human Resource Management System (HRMS). [CVSS 4.3 MEDIUM]

File Upload Authentication Bypass Horilla
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24010 HIGH POC This Week

Horilla versions up to 1.5.0 contains a vulnerability that allows attackers to deploy phishing attacks (CVSS 8.0).

File Upload Horilla
NVD GitHub
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-23499 MEDIUM PATCH This Month

Authenticated staff users in Saleor e-commerce platform versions 3.0.0 through 3.22.26 can upload malicious HTML and SVG files containing JavaScript that execute in users' browsers when served from the same domain as the dashboard, potentially allowing token theft. An attacker with staff privileges could craft script injections to compromise other staff members' sessions and access tokens. This vulnerability affects deployments where media files are hosted on the same domain as the dashboard and patches are available in versions 3.20.108, 3.21.43, and 3.22.27.

File Upload XSS Saleor
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-1222 HIGH This Week

Remote code execution in BROWAN COMMUNICATIONS PrismX MX100 AP controller allows high-privileged remote attackers to upload arbitrary files and execute web shell backdoors without user interaction. This vulnerability affects administrators with elevated credentials and enables complete compromise of the affected access point. No patch is currently available to remediate this issue.

File Upload RCE
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-55251 LOW Monitor

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise. [CVSS 3.1 LOW]

File Upload RCE Aion
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-52660 LOW Monitor

Aion versions up to 2.0 contains a vulnerability that allows attackers to malicious file uploads, potentially resulting in unauthorized code execution or (CVSS 2.7).

File Upload RCE Aion
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2026-1152 LOW POC Monitor

Mpay versions up to 1.2.4 contain an unrestricted file upload vulnerability in the QR Code Image Handler component via the codeimg parameter, allowing remote attackers with high privileges to upload arbitrary files. Public exploit code exists for this vulnerability, though no patch is currently available. The attack requires administrative credentials but carries moderate risk with potential impacts to confidentiality, integrity, and availability.

File Upload Authentication Bypass Mpay
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-1126 LOW Monitor

Unrestricted file upload in lwj flow's SVG File Handler (FormResource.java) allows authenticated remote attackers to upload arbitrary files due to insufficient input validation on the File parameter. Public exploit code exists for this vulnerability, and the maintainers have not yet released a patch despite early notification. Affected installations using Java should restrict file upload functionality until an update is available.

Java Authentication Bypass File Upload
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1107 LOW POC Monitor

Unrestricted file upload in EyouCMS versions up to 1.7.1/5.0 allows authenticated remote attackers to upload arbitrary files through manipulation of the viewfile parameter in the Member Avatar Handler component. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. An authenticated attacker could leverage this to upload malicious files and potentially achieve remote code execution.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1061 LOW POC Monitor

Unrestricted file upload in Teamwork Management System (TMS) versions up to 2.28.0 allows authenticated attackers to upload malicious files by manipulating the filename parameter in the FileController. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for organizations using affected versions.

Java Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-67079 CRITICAL Act Now

Omnispace Agora Project (before 25.10) allows RCE through crafted PDF upload that exploits the ImageMagick MSL engine via the thumbnail function.

File Upload Agora Project
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67077 HIGH This Week

Agora-Project versions up to 25.10 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

File Upload Agora Project
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-37175 HIGH This Week

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 7.2 HIGH]

File Upload RCE Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-62182 This Week

Pega Customer Service Framework versions 8.7.0 versions up to 25.1.0 is affected by unrestricted upload of file with dangerous type.

File Upload
NVD
EPSS
0.1%
CVE-2025-65783 CRITICAL Act Now

Hub v2.0 property management system allows unauthenticated arbitrary file upload via /utils/uploadFile. Malicious PDF files can be uploaded and may achieve code execution.

File Upload RCE Hub
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-46068 HIGH This Week

Director versions up to 25.2.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

File Upload RCE Director
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-15503 MEDIUM POC This Month

Operation And Maintenance Security Management System versions up to 3.0.8. is affected by improper access control (CVSS 7.3).

File Upload Authentication Bypass Operation And Maintenance Security Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
5.5%
CVE-2025-15495 LOW POC Monitor

A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/editsite.php. [CVSS 4.7 MEDIUM]

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-67924 CRITICAL Act Now

Corpkit WordPress theme (through 2.0) allows unauthenticated web shell upload via unrestricted file type upload.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-67910 CRITICAL Act Now

Contentstudio WordPress plugin (through 1.3.7) allows unauthenticated web shell upload, enabling immediate server compromise.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-66837 MEDIUM This Month

A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware [CVSS 6.8 MEDIUM]

File Upload RCE Aris
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-66838 MEDIUM This Month

In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. [CVSS 6.5 MEDIUM]

File Upload Denial Of Service Aris
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-0643 MEDIUM POC This Month

House Rental And Property Listing Project versions up to 1.0 is affected by improper access control (CVSS 7.3).

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-30996 CRITICAL Act Now

Multiple Themify WordPress themes (Sidepane, Newsy, Folo, Edmin, Bloggie, Photobox, Wigi, Rezo, Slide) allow authenticated users to upload web shells. Low privileges sufficient, scope change to OS-level code execution. Affects 9 themes simultaneously.

WordPress File Upload
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2023-50897 CRITICAL Act Now

Media File Renamer WordPress plugin (through 5.7.7) by Meow Apps allows administrators to upload files with dangerous types, achieving OS-level code execution with scope change. While admin access is required, the scope break makes this critical.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-31048 CRITICAL Act Now

Themify Shopo WordPress theme (through 1.1.4) allows authenticated users to upload web shells. Despite requiring low-level authentication, the scope change to CVSS 9.9 means any subscriber account can achieve full server compromise.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-15240 HIGH This Week

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. [CVSS 8.8 HIGH]

File Upload RCE AI / ML Qoca Aim
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-0577 LOW POC Monitor

Online Product Reservation System versions up to 1.0 is affected by improper access control (CVSS 6.3).

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-0566 LOW POC Monitor

Unrestricted file upload in code-projects CMS 1.0 via the image parameter in /admin/edit_posts.php allows authenticated administrators to upload arbitrary files remotely. Public exploit code exists for this vulnerability, though a patch is not yet available. The issue affects PHP-based installations and requires high-level privileges to exploit.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-0547 LOW POC Monitor

Unrestricted file upload in PHPGurukul Online Course Registration versions up to 3.1 allows authenticated attackers to upload arbitrary files through the student profile photo parameter in /admin/edit-student-profile.php. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with login credentials can exploit this remotely to potentially execute malicious code or compromise the application.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15426 MEDIUM POC This Month

A vulnerability was identified in jackying H-ui.admin versions up to 3.1. is affected by improper access control (CVSS 7.3).

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15423 LOW POC Monitor

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. [CVSS 6.3 MEDIUM]

PHP Authentication Bypass File Upload
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15415 LOW POC Monitor

A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. [CVSS 4.7 MEDIUM]

File Upload Authentication Bypass Wangmarket
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15404 LOW POC Monitor

A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /save_file.php. [CVSS 6.3 MEDIUM]

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15360 LOW POC Monitor

A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page. This manipulation of the argument File causes unrestricted upload. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Java Authentication Bypass File Upload Newbee Mall Plus
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-15262 LOW POC Monitor

A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing a manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

PHP Authentication Bypass File Upload Simple Php Cms
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-68562 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through <= 8.7.3.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-15199 LOW Monitor

A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

PHP Authentication Bypass File Upload College Notes Uploading System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-15197 LOW POC Monitor

A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

PHP Authentication Bypass File Upload News Buzz Content Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-15129 LOW Monitor

A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler. Executing manipulation of the argument File can lead to code injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

PHP File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15110 LOW POC Monitor

Unrestricted file upload in jackq XCMS allows high-privilege authenticated users to upload arbitrary files via the ProductImageController component, with publicly available exploit code disclosed. Despite a CVSS score of 2.0 reflecting the high authentication requirement (PR:H), the vulnerability enables authenticated administrators to bypass intended upload restrictions and potentially achieve remote code execution by uploading malicious files. The vendor has been informed via public issue report but has not yet responded with a fix.

PHP Authentication Bypass File Upload Xcms
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15109 MEDIUM This Month

A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

PHP Authentication Bypass File Upload
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-2155 HIGH This Week

Remote code execution in Specto CM versions before 17032025 allows authenticated attackers to upload files with dangerous types, leading to arbitrary code inclusion on the server. The flaw, tracked as CVE-2025-2155 and reported by Turkey's USOM CERT, carries a high CVSS score of 8.8 and stems from missing validation on uploaded file types. No public exploit identified at time of analysis, and the EPSS exploitation probability remains low at 0.07%.

File Upload
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-15050 LOW POC Monitor

Unauthenticated file upload vulnerability in code-projects Student File Management System 1.0 allows authenticated remote attackers to bypass file upload restrictions via manipulation of the File parameter in /save_file.php, despite the CVSS v4.0 score of 2.1 reflecting only low confidentiality, integrity, and availability impact with no scope change. The exploit is publicly available and the low EPSS score (0.09%, 25th percentile) suggests limited real-world exploitation attempts despite public disclosure.

PHP Authentication Bypass File Upload Student File Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-67288 NuGet CRITICAL Act Now

Arbitrary code execution in Umbraco CMS 16.3.3 is claimed via upload of a crafted PDF file that abuses insufficient file-type validation (CWE-434), potentially leading to server-side code execution. The finding is explicitly DISPUTED by Umbraco, which states that enforcing upload validation is the deploying administrator's responsibility per documentation, mirroring the earlier CVE-2023-49279. No public exploit is confirmed and EPSS is low (0.50%, 39th percentile), so despite the nominal CVSS 10.0 this reflects a contested, configuration-dependent condition rather than a proven turnkey RCE.

RCE File Upload Umbraco Cms
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.5%
CVE-2025-67289 CRITICAL POC Act Now

Stored cross-site scripting leading to code execution in Frappe Framework 15.89.0 (and the ERPNext application built on it) lets attackers upload a crafted XML/SVG file through the Attachments module that runs attacker-controlled script when a victim views it. Tagged as XSS/RCE/File Upload with a publicly available exploit code, though EPSS remains low at 0.44% (35th percentile) and it is not on CISA KEV. The CVSS 9.6 rating reflects a scope-changing, user-interaction-dependent attack rather than direct server-side compromise.

File Upload XSS RCE Erpnext Frappe
NVD GitHub
CVSS 3.1
9.6
EPSS
0.4%
CVE-2025-15009 LOW POC Monitor

ChestnutCMS up to version 1.5.8 allows authenticated remote attackers to upload arbitrary files by manipulating the File argument in the FilenameUtils.getExtension function of the /dev-api/common/upload endpoint. The vulnerability bypasses filename extension validation in the Filename Handler component, enabling unrestricted file uploads with low integrity and confidentiality impact. Publicly available exploit code exists; however, the low EPSS score (0.06%) and requirement for prior authentication significantly limit real-world exploitation risk compared to the CVSS base score.

Authentication Bypass File Upload Chestnutcms
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13329 CRITICAL Act Now

Unauthenticated arbitrary file upload vulnerability in File Uploader for WooCommerce (WordPress plugin versions ≤1.0.3) enables remote code execution. Missing file type validation in the 'add-image-data' REST API endpoint allows attackers to upload malicious files to Uploadcare service and retrieve them to the web server, achieving code execution without authentication. Exploitation requires no user interaction or special privileges (CVSS:3.1 AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis.

RCE WordPress File Upload
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-14885 LOW POC Monitor

Unrestricted file upload in SourceCodester Client Database Management System 1.0 via the /user_leads.php endpoint in the Leads Generation Module allows authenticated remote attackers to upload arbitrary files. The vulnerability requires valid user credentials (PR:L in CVSS v4.0) but carries low confidentiality, integrity, and availability impact per the vector. Public exploit code exists, and EPSS score of 0.06% suggests minimal real-world exploitation despite public availability, likely due to the authenticated requirement limiting attack surface.

PHP Authentication Bypass File Upload Client Database Management System
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-66074 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Path Traversal.This issue affects WP Webhooks: from n/a through <= 3.3.8.

File Upload Path Traversal
NVD
CVSS 3.1
9.0
EPSS
0.1%
CVE-2025-64231 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in RedefiningTheWeb WordPress Contact Form 7 PDF, Google Sheet & Database rtwwcfp-wordpress-contact-form-7-pdf allows Using Malicious Files.This issue affects WordPress Contact Form 7 PDF, Google Sheet & Database: from n/a through <= 3.0.0.

Google File Upload WordPress
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2023-53900 MEDIUM POC This Month

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Spip
NVD Exploit-DB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-44599 HIGH This Week

FNT Command 13.4.0 is vulnerable to Directory Traversal. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal File Upload Fnt Command
NVD GitHub
CVSS 3.1
8.3
EPSS
0.4%
CVE-2024-44598 HIGH This Week

FNT Command 13.4.0 is vulnerable to Code Execution via the C Base Module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Fnt Command
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-14642 LOW POC Monitor

Unrestricted file upload in Computer Laboratory System 1.0 via the technical_staff_pic.php file allows high-privilege users to upload arbitrary files to the server. The vulnerability requires administrator-level access (PR:H) and affects confidentiality, integrity, and availability with low impact scope. Publicly available exploit code exists; however, the EPSS score of 0.07% (21st percentile) and high-privilege requirement significantly limit real-world exploitation risk compared to the CVSS 2.0 baseline.

PHP Authentication Bypass File Upload Computer Laboratory System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-14641 LOW POC Monitor

Unrestricted file upload in Computer Laboratory System 1.0 via the admin_pic.php image parameter allows high-privilege authenticated users to upload arbitrary files remotely, with publicly available proof-of-concept code demonstrating exploitation. Despite the CVSS 2.0 score reflecting the high authentication barrier (PR:H), the vulnerability enables attackers with admin credentials to bypass upload restrictions and potentially establish persistence or execute malicious code on the server.

PHP Authentication Bypass File Upload Computer Laboratory System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-14583 MEDIUM POC This Month

A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing a manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.

PHP Authentication Bypass File Upload Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14582 LOW POC Monitor

Unrestricted file upload in campcodes Online Student Enrollment System 1.0 allows high-privileged authenticated users to upload arbitrary files via the userphoto parameter in /admin/index.php?page=user-profile, potentially enabling remote code execution or data exfiltration. Public exploit code is available, though the vulnerability's real-world impact is limited by the requirement for administrative credentials and low CVSS/EPSS scores.

PHP Authentication Bypass File Upload Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-12968 HIGH This Week

Authenticated arbitrary file upload in Infility Global WordPress plugin versions ≤2.14.42 permits remote code execution. The upload_file function accepts spoofed MIME types without verifying file extensions, while import_data lacks capability checks, allowing subscriber-level users to upload malicious files (e.g., PHP webshells) to the server. CVSS:3.1 score 8.8 (High) reflects network-accessible, low-complexity exploitation requiring only low-privilege authentication. No public exploit identified at time of analysis. EPSS 0.35% indicates low observed exploitation activity.

RCE WordPress File Upload
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-14530 LOW POC Monitor

Unrestricted file upload in SourceCodester Real Estate Property Listing App 1.0 allows high-privileged authenticated users to upload arbitrary files via the image parameter in /admin/property.php, potentially leading to remote code execution. The vulnerability affects only administrators or high-privilege accounts due to PR:H requirements, but public exploit code exists and EPSS scoring indicates low real-world exploitation probability (0.07th percentile).

PHP Authentication Bypass File Upload Real Estate Property Listing App
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-14522 LOW Monitor

Unrestricted file upload in baowzh hfly allows authenticated remote attackers to upload arbitrary files via manipulation of the imgFile parameter in /Public/Kindeditor/php/upload_json.php. The vulnerability affects rolling-release versions up to commit 638ff9abe9078bc977c132b37acbe1900b63491c, carries low overall risk (CVSS 2.1, EPSS 0.07%), and has publicly available exploit code but requires authenticated access, significantly limiting real-world exploitability compared to unauthenticated file upload scenarios.

PHP Authentication Bypass File Upload Hfly
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-67506 CRITICAL POC PATCH Act Now

A critical authentication bypass and path traversal vulnerability in PipesHub AI platform allows unauthenticated remote attackers to upload files with directory traversal sequences, enabling arbitrary file writes anywhere the service account has permissions. This vulnerability affects PipesHub versions prior to 0.1.0-beta and has a publicly available proof-of-concept exploit, making it an immediate priority for organizations using this enterprise search and workflow automation platform. With a CVSS score of 9.8 and the ability to plant malicious code or overwrite critical files, this represents a severe risk to affected systems.

Authentication Bypass File Upload Pipeshub
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-56704 HIGH POC This Week

Arbitrary code execution in LeptonCMS 7.3.0 lets an authenticated attacker upload a crafted ZIP or PHP file that bypasses the application's missing file-type validation and runs as server-side PHP. Publicly available exploit code (three PoC write-ups) exists, though the flaw is not listed in CISA KEV and EPSS is low (0.66%, 47th percentile), indicating no evidence of widespread active exploitation yet. Exploitation requires a valid low-privilege account (PR:L), placing this in the post-authentication RCE category.

PHP RCE File Upload Leptoncms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-14224 LOW POC Monitor

A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

File Upload Path Traversal
NVD VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-14220 LOW Monitor

A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

File Upload Path Traversal
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-14219 LOW POC Monitor

A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_running.php. Executing a manipulation of the argument product_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

File Upload Authentication Bypass PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-14199 LOW POC Monitor

A flaw has been found in Verysync 微力同步 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

File Upload Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-14195 LOW POC Monitor

A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/add_file_query.php. The manipulation of the argument per_file results in unrestricted upload. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

File Upload Authentication Bypass PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13065 HIGH This Week

The Starter Templates plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.4.41. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12966 HIGH This Week

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resolve_import_directory() function in versions 4.5.4 to 4.5.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE PHP
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-12673 CRITICAL Act Now

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_qr_code() function in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2020-36882 HIGH POC This Week

Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application.

File Upload Denial Of Service Diskboss
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-65897 HIGH PATCH This Week

zdh_web is a data collection, processing, monitoring, scheduling, and management platform. In zdh_web thru 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing files and leading to privilege escalation or remote code execution.

Privilege Escalation Path Traversal File Upload RCE Zdh Web
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-64056 MEDIUM POC This Month

File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store arbitrary files on the filesystem.

File Upload Authentication Bypass X210 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-12181 HIGH This Week

The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstu_update_post() function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-12163 MEDIUM This Month

The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

File Upload WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-12154 HIGH This Week

The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadThumb() function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE PHP
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-12153 HIGH This Week

The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE PHP
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-13066 HIGH This Week

The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.0.6. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13543 HIGH This Week

The PostGallery plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'PostGalleryUploader' class functions in all versions up to, and including, 1.12.5. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-65806 MEDIUM POC This Month

The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An attacker can upload a nested ZIP (a ZIP containing another ZIP) where the inner archive contains an executable file (e.g. webshell.php). When the application extracts the uploaded archives, the executable may be extracted into a web-accessible directory. This can lead to remote code execution (RCE), data disclosure, account compromise, or further system compromise depending on the web server/process privileges. The issue arises from insufficient validation of archive contents and inadequate restrictions on extraction targets.

File Upload PHP RCE E Point Cms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-64055 CRITICAL POC Act Now

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

File Upload Authentication Bypass X210 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
EPSS 0% CVSS 2.0
LOW Monitor

Unrestricted file upload in iJason-Liu Books_Manager allows authenticated attackers with high privileges to upload arbitrary files via the book_cover parameter in the upload_bookCover.php controller. Public exploit code exists for this vulnerability, increasing the risk of exploitation. A patch is not currently available for this rolling-release product.

PHP Authentication Bypass File Upload
NVD VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

Unrestricted file upload in PHPGurukul News Portal 1.0's profile picture handler allows remote attackers to upload arbitrary files with high-level privileges. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker could potentially upload malicious files to compromise the application or underlying system.

File Upload Authentication Bypass News Portal
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Unrestricted file upload in code-projects Online Examination System 1.0 via the /admin_pic.php endpoint allows authenticated remote attackers to upload arbitrary files with minimal complexity. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable code execution or system compromise depending on server configuration and file handling.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

Xpro Elementor Addons WordPress plugin has an unrestricted file upload allowing attackers to upload dangerous file types through the Elementor builder integration.

File Upload
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

g-FFL Checkout WordPress plugin has an unrestricted file upload vulnerability allowing attackers to upload web shells for remote code execution.

File Upload
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Farost Energia WordPress plugin allows unrestricted file upload enabling attackers to upload web shells and achieve remote code execution on the WordPress server.

File Upload
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Solvera Software Services Trade Inc. Teknoera is affected by unrestricted upload of file with dangerous type (CVSS 8.1).

File Upload
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

HAMASTAR MeetingHub has an arbitrary file upload vulnerability allowing unauthenticated remote attackers to upload web shells and achieve full server compromise.

File Upload RCE Meetinghub Paperless Meetings
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Horilla is a free and open source Human Resource Management System (HRMS). [CVSS 4.3 MEDIUM]

File Upload Authentication Bypass Horilla
NVD GitHub
EPSS 0% CVSS 8.0
HIGH POC This Week

Horilla versions up to 1.5.0 contains a vulnerability that allows attackers to deploy phishing attacks (CVSS 8.0).

File Upload Horilla
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Authenticated staff users in Saleor e-commerce platform versions 3.0.0 through 3.22.26 can upload malicious HTML and SVG files containing JavaScript that execute in users' browsers when served from the same domain as the dashboard, potentially allowing token theft. An attacker with staff privileges could craft script injections to compromise other staff members' sessions and access tokens. This vulnerability affects deployments where media files are hosted on the same domain as the dashboard and patches are available in versions 3.20.108, 3.21.43, and 3.22.27.

File Upload XSS Saleor
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

Remote code execution in BROWAN COMMUNICATIONS PrismX MX100 AP controller allows high-privileged remote attackers to upload arbitrary files and execute web shell backdoors without user interaction. This vulnerability affects administrators with elevated credentials and enables complete compromise of the affected access point. No patch is currently available to remediate this issue.

File Upload RCE
NVD
EPSS 0% CVSS 3.1
LOW Monitor

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise. [CVSS 3.1 LOW]

File Upload RCE Aion
NVD
EPSS 0% CVSS 2.7
LOW Monitor

Aion versions up to 2.0 contains a vulnerability that allows attackers to malicious file uploads, potentially resulting in unauthorized code execution or (CVSS 2.7).

File Upload RCE Aion
NVD
EPSS 0% CVSS 2.0
LOW POC Monitor

Mpay versions up to 1.2.4 contain an unrestricted file upload vulnerability in the QR Code Image Handler component via the codeimg parameter, allowing remote attackers with high privileges to upload arbitrary files. Public exploit code exists for this vulnerability, though no patch is currently available. The attack requires administrative credentials but carries moderate risk with potential impacts to confidentiality, integrity, and availability.

File Upload Authentication Bypass Mpay
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Unrestricted file upload in lwj flow's SVG File Handler (FormResource.java) allows authenticated remote attackers to upload arbitrary files due to insufficient input validation on the File parameter. Public exploit code exists for this vulnerability, and the maintainers have not yet released a patch despite early notification. Affected installations using Java should restrict file upload functionality until an update is available.

Java Authentication Bypass File Upload
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Unrestricted file upload in EyouCMS versions up to 1.7.1/5.0 allows authenticated remote attackers to upload arbitrary files through manipulation of the viewfile parameter in the Member Avatar Handler component. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. An authenticated attacker could leverage this to upload malicious files and potentially achieve remote code execution.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Unrestricted file upload in Teamwork Management System (TMS) versions up to 2.28.0 allows authenticated attackers to upload malicious files by manipulating the filename parameter in the FileController. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for organizations using affected versions.

Java Authentication Bypass File Upload
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Omnispace Agora Project (before 25.10) allows RCE through crafted PDF upload that exploits the ImageMagick MSL engine via the thumbnail function.

File Upload Agora Project
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Agora-Project versions up to 25.10 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

File Upload Agora Project
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 7.2 HIGH]

File Upload RCE Arubaos
NVD
EPSS 0%
This Week

Pega Customer Service Framework versions 8.7.0 versions up to 25.1.0 is affected by unrestricted upload of file with dangerous type.

File Upload
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Hub v2.0 property management system allows unauthenticated arbitrary file upload via /utils/uploadFile. Malicious PDF files can be uploaded and may achieve code execution.

File Upload RCE Hub
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Director versions up to 25.2.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

File Upload RCE Director
NVD GitHub
EPSS 5% CVSS 5.5
MEDIUM POC This Month

Operation And Maintenance Security Management System versions up to 3.0.8. is affected by improper access control (CVSS 7.3).

File Upload Authentication Bypass Operation And Maintenance Security Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/editsite.php. [CVSS 4.7 MEDIUM]

PHP Authentication Bypass File Upload
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

Corpkit WordPress theme (through 2.0) allows unauthenticated web shell upload via unrestricted file type upload.

File Upload
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Contentstudio WordPress plugin (through 1.3.7) allows unauthenticated web shell upload, enabling immediate server compromise.

File Upload
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware [CVSS 6.8 MEDIUM]

File Upload RCE Aris
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. [CVSS 6.5 MEDIUM]

File Upload Denial Of Service Aris
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

House Rental And Property Listing Project versions up to 1.0 is affected by improper access control (CVSS 7.3).

PHP Authentication Bypass File Upload
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

Multiple Themify WordPress themes (Sidepane, Newsy, Folo, Edmin, Bloggie, Photobox, Wigi, Rezo, Slide) allow authenticated users to upload web shells. Low privileges sufficient, scope change to OS-level code execution. Affects 9 themes simultaneously.

WordPress File Upload
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Media File Renamer WordPress plugin (through 5.7.7) by Meow Apps allows administrators to upload files with dangerous types, achieving OS-level code execution with scope change. While admin access is required, the scope break makes this critical.

File Upload
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Themify Shopo WordPress theme (through 1.1.4) allows authenticated users to upload web shells. Despite requiring low-level authentication, the scope change to CVSS 9.9 means any subscriber account can achieve full server compromise.

File Upload
NVD
EPSS 0% CVSS 8.8
HIGH This Week

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. [CVSS 8.8 HIGH]

File Upload RCE AI / ML +1
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

Online Product Reservation System versions up to 1.0 is affected by improper access control (CVSS 6.3).

PHP Authentication Bypass File Upload
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

Unrestricted file upload in code-projects CMS 1.0 via the image parameter in /admin/edit_posts.php allows authenticated administrators to upload arbitrary files remotely. Public exploit code exists for this vulnerability, though a patch is not yet available. The issue affects PHP-based installations and requires high-level privileges to exploit.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Unrestricted file upload in PHPGurukul Online Course Registration versions up to 3.1 allows authenticated attackers to upload arbitrary files through the student profile photo parameter in /admin/edit-student-profile.php. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with login credentials can exploit this remotely to potentially execute malicious code or compromise the application.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in jackying H-ui.admin versions up to 3.1. is affected by improper access control (CVSS 7.3).

PHP Authentication Bypass File Upload
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. [CVSS 6.3 MEDIUM]

PHP Authentication Bypass File Upload
NVD VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. [CVSS 4.7 MEDIUM]

File Upload Authentication Bypass Wangmarket
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /save_file.php. [CVSS 6.3 MEDIUM]

PHP Authentication Bypass File Upload
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page. This manipulation of the argument File causes unrestricted upload. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Java Authentication Bypass File Upload +1
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing a manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

PHP Authentication Bypass File Upload +1
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through <= 8.7.3.

File Upload
NVD
EPSS 0% CVSS 2.1
LOW Monitor

A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

PHP Authentication Bypass File Upload +1
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

PHP Authentication Bypass File Upload +2
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler. Executing manipulation of the argument File can lead to code injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

PHP File Upload
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

Unrestricted file upload in jackq XCMS allows high-privilege authenticated users to upload arbitrary files via the ProductImageController component, with publicly available exploit code disclosed. Despite a CVSS score of 2.0 reflecting the high authentication requirement (PR:H), the vulnerability enables authenticated administrators to bypass intended upload restrictions and potentially achieve remote code execution by uploading malicious files. The vendor has been informed via public issue report but has not yet responded with a fix.

PHP Authentication Bypass File Upload +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

PHP Authentication Bypass File Upload
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Specto CM versions before 17032025 allows authenticated attackers to upload files with dangerous types, leading to arbitrary code inclusion on the server. The flaw, tracked as CVE-2025-2155 and reported by Turkey's USOM CERT, carries a high CVSS score of 8.8 and stems from missing validation on uploaded file types. No public exploit identified at time of analysis, and the EPSS exploitation probability remains low at 0.07%.

File Upload
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Unauthenticated file upload vulnerability in code-projects Student File Management System 1.0 allows authenticated remote attackers to bypass file upload restrictions via manipulation of the File parameter in /save_file.php, despite the CVSS v4.0 score of 2.1 reflecting only low confidentiality, integrity, and availability impact with no scope change. The exploit is publicly available and the low EPSS score (0.09%, 25th percentile) suggests limited real-world exploitation attempts despite public disclosure.

PHP Authentication Bypass File Upload +1
NVD GitHub VulDB
EPSS 1% CVSS 10.0
CRITICAL Act Now

Arbitrary code execution in Umbraco CMS 16.3.3 is claimed via upload of a crafted PDF file that abuses insufficient file-type validation (CWE-434), potentially leading to server-side code execution. The finding is explicitly DISPUTED by Umbraco, which states that enforcing upload validation is the deploying administrator's responsibility per documentation, mirroring the earlier CVE-2023-49279. No public exploit is confirmed and EPSS is low (0.50%, 39th percentile), so despite the nominal CVSS 10.0 this reflects a contested, configuration-dependent condition rather than a proven turnkey RCE.

RCE File Upload Umbraco Cms
NVD GitHub VulDB
EPSS 0% CVSS 9.6
CRITICAL POC Act Now

Stored cross-site scripting leading to code execution in Frappe Framework 15.89.0 (and the ERPNext application built on it) lets attackers upload a crafted XML/SVG file through the Attachments module that runs attacker-controlled script when a victim views it. Tagged as XSS/RCE/File Upload with a publicly available exploit code, though EPSS remains low at 0.44% (35th percentile) and it is not on CISA KEV. The CVSS 9.6 rating reflects a scope-changing, user-interaction-dependent attack rather than direct server-side compromise.

File Upload XSS RCE +2
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

ChestnutCMS up to version 1.5.8 allows authenticated remote attackers to upload arbitrary files by manipulating the File argument in the FilenameUtils.getExtension function of the /dev-api/common/upload endpoint. The vulnerability bypasses filename extension validation in the Filename Handler component, enabling unrestricted file uploads with low integrity and confidentiality impact. Publicly available exploit code exists; however, the low EPSS score (0.06%) and requirement for prior authentication significantly limit real-world exploitation risk compared to the CVSS base score.

Authentication Bypass File Upload Chestnutcms
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated arbitrary file upload vulnerability in File Uploader for WooCommerce (WordPress plugin versions ≤1.0.3) enables remote code execution. Missing file type validation in the 'add-image-data' REST API endpoint allows attackers to upload malicious files to Uploadcare service and retrieve them to the web server, achieving code execution without authentication. Exploitation requires no user interaction or special privileges (CVSS:3.1 AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis.

RCE WordPress File Upload
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

Unrestricted file upload in SourceCodester Client Database Management System 1.0 via the /user_leads.php endpoint in the Leads Generation Module allows authenticated remote attackers to upload arbitrary files. The vulnerability requires valid user credentials (PR:L in CVSS v4.0) but carries low confidentiality, integrity, and availability impact per the vector. Public exploit code exists, and EPSS score of 0.06% suggests minimal real-world exploitation despite public availability, likely due to the authenticated requirement limiting attack surface.

PHP Authentication Bypass File Upload +1
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Path Traversal.This issue affects WP Webhooks: from n/a through <= 3.3.8.

File Upload Path Traversal
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in RedefiningTheWeb WordPress Contact Form 7 PDF, Google Sheet & Database rtwwcfp-wordpress-contact-form-7-pdf allows Using Malicious Files.This issue affects WordPress Contact Form 7 PDF, Google Sheet & Database: from n/a through <= 3.0.0.

Google File Upload WordPress
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Spip
NVD Exploit-DB
EPSS 0% CVSS 8.3
HIGH This Week

FNT Command 13.4.0 is vulnerable to Directory Traversal. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal File Upload Fnt Command
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

FNT Command 13.4.0 is vulnerable to Code Execution via the C Base Module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Fnt Command
NVD GitHub
EPSS 0% CVSS 2.0
LOW POC Monitor

Unrestricted file upload in Computer Laboratory System 1.0 via the technical_staff_pic.php file allows high-privilege users to upload arbitrary files to the server. The vulnerability requires administrator-level access (PR:H) and affects confidentiality, integrity, and availability with low impact scope. Publicly available exploit code exists; however, the EPSS score of 0.07% (21st percentile) and high-privilege requirement significantly limit real-world exploitation risk compared to the CVSS 2.0 baseline.

PHP Authentication Bypass File Upload +1
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

Unrestricted file upload in Computer Laboratory System 1.0 via the admin_pic.php image parameter allows high-privilege authenticated users to upload arbitrary files remotely, with publicly available proof-of-concept code demonstrating exploitation. Despite the CVSS 2.0 score reflecting the high authentication barrier (PR:H), the vulnerability enables attackers with admin credentials to bypass upload restrictions and potentially establish persistence or execute malicious code on the server.

PHP Authentication Bypass File Upload +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing a manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.

PHP Authentication Bypass File Upload +1
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

Unrestricted file upload in campcodes Online Student Enrollment System 1.0 allows high-privileged authenticated users to upload arbitrary files via the userphoto parameter in /admin/index.php?page=user-profile, potentially enabling remote code execution or data exfiltration. Public exploit code is available, though the vulnerability's real-world impact is limited by the requirement for administrative credentials and low CVSS/EPSS scores.

PHP Authentication Bypass File Upload +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated arbitrary file upload in Infility Global WordPress plugin versions ≤2.14.42 permits remote code execution. The upload_file function accepts spoofed MIME types without verifying file extensions, while import_data lacks capability checks, allowing subscriber-level users to upload malicious files (e.g., PHP webshells) to the server. CVSS:3.1 score 8.8 (High) reflects network-accessible, low-complexity exploitation requiring only low-privilege authentication. No public exploit identified at time of analysis. EPSS 0.35% indicates low observed exploitation activity.

RCE WordPress File Upload
NVD
EPSS 0% CVSS 2.0
LOW POC Monitor

Unrestricted file upload in SourceCodester Real Estate Property Listing App 1.0 allows high-privileged authenticated users to upload arbitrary files via the image parameter in /admin/property.php, potentially leading to remote code execution. The vulnerability affects only administrators or high-privilege accounts due to PR:H requirements, but public exploit code exists and EPSS scoring indicates low real-world exploitation probability (0.07th percentile).

PHP Authentication Bypass File Upload +1
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Unrestricted file upload in baowzh hfly allows authenticated remote attackers to upload arbitrary files via manipulation of the imgFile parameter in /Public/Kindeditor/php/upload_json.php. The vulnerability affects rolling-release versions up to commit 638ff9abe9078bc977c132b37acbe1900b63491c, carries low overall risk (CVSS 2.1, EPSS 0.07%), and has publicly available exploit code but requires authenticated access, significantly limiting real-world exploitability compared to unauthenticated file upload scenarios.

PHP Authentication Bypass File Upload +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

A critical authentication bypass and path traversal vulnerability in PipesHub AI platform allows unauthenticated remote attackers to upload files with directory traversal sequences, enabling arbitrary file writes anywhere the service account has permissions. This vulnerability affects PipesHub versions prior to 0.1.0-beta and has a publicly available proof-of-concept exploit, making it an immediate priority for organizations using this enterprise search and workflow automation platform. With a CVSS score of 9.8 and the ability to plant malicious code or overwrite critical files, this represents a severe risk to affected systems.

Authentication Bypass File Upload Pipeshub
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Arbitrary code execution in LeptonCMS 7.3.0 lets an authenticated attacker upload a crafted ZIP or PHP file that bypasses the application's missing file-type validation and runs as server-side PHP. Publicly available exploit code (three PoC write-ups) exists, though the flaw is not listed in CISA KEV and EPSS is low (0.66%, 47th percentile), indicating no evidence of widespread active exploitation yet. Exploitation requires a valid low-privilege account (PR:L), placing this in the post-authentication RCE category.

PHP RCE File Upload +1
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

File Upload Path Traversal
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

File Upload Path Traversal
NVD VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_running.php. Executing a manipulation of the argument product_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

File Upload Authentication Bypass PHP
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A flaw has been found in Verysync 微力同步 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

File Upload Authentication Bypass
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/add_file_query.php. The manipulation of the argument per_file results in unrestricted upload. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

File Upload Authentication Bypass PHP
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

The Starter Templates plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.4.41. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resolve_import_directory() function in versions 4.5.4 to 4.5.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_qr_code() function in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application.

File Upload Denial Of Service Diskboss
NVD GitHub Exploit-DB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

zdh_web is a data collection, processing, monitoring, scheduling, and management platform. In zdh_web thru 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing files and leading to privilege escalation or remote code execution.

Privilege Escalation Path Traversal File Upload +2
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC This Month

File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store arbitrary files on the filesystem.

File Upload Authentication Bypass X210 Firmware
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstu_update_post() function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

File Upload WordPress XSS
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadThumb() function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.0.6. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The PostGallery plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'PostGalleryUploader' class functions in all versions up to, and including, 1.12.5. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE +1
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An attacker can upload a nested ZIP (a ZIP containing another ZIP) where the inner archive contains an executable file (e.g. webshell.php). When the application extracts the uploaded archives, the executable may be extracted into a web-accessible directory. This can lead to remote code execution (RCE), data disclosure, account compromise, or further system compromise depending on the web server/process privileges. The issue arises from insufficient validation of archive contents and inadequate restrictions on extraction targets.

File Upload PHP RCE +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

File Upload Authentication Bypass X210 Firmware
NVD GitHub
Prev Page 6 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy