Skip to main content

Malicious File Upload

web HIGH

Malicious file upload attacks exploit insufficient validation when web applications accept user-provided files.

How It Works

Malicious file upload attacks exploit insufficient validation when web applications accept user-provided files. The attacker uploads a file containing executable code—commonly a web shell written in PHP, JSP, or ASPX—disguised to bypass basic security checks. Once uploaded to a web-accessible directory, the attacker navigates to the file's URL, triggering server-side execution and gaining remote command execution capabilities.

Attackers employ various bypass techniques to defeat weak filters. Content-Type spoofing involves manipulating HTTP headers to claim a malicious PHP file is an image. Double extensions like shell.php.jpg exploit flawed parsers that only check the final extension. Null byte injection (shell.php%00.jpg) can truncate filenames in vulnerable code. Case manipulation (.pHp, .AsP) defeats case-sensitive blacklists. Advanced attacks upload .htaccess or web.config files to reconfigure the server, enabling script execution in directories where it was previously disabled.

The typical attack flow begins with reconnaissance to locate upload functionality, followed by testing various evasion techniques until a payload successfully uploads. The attacker then accesses the uploaded web shell through a browser, passing commands via URL parameters. This establishes an interactive backdoor for further exploitation, lateral movement, and data theft.

Impact

  • Remote code execution: Full command-line access to the web server with the application's privileges
  • Web shell persistence: Durable backdoor survives application restarts, enabling long-term access
  • Data exfiltration: Direct file system access allows theft of databases, credentials, source code, and sensitive documents
  • Server compromise: Ability to install additional malware, create privileged accounts, and pivot to internal networks
  • Website defacement: Modification of public-facing content to damage reputation or spread misinformation

Real-World Examples

Cisco Wireless LAN Controller (CVE-2025-20188) combined a hardcoded JWT credential with unrestricted file upload, allowing unauthenticated attackers to deploy web shells and achieve complete controller compromise. The dual vulnerability eliminated authentication barriers entirely.

WordPress plugin vulnerabilities frequently expose this attack surface. Numerous plugins have allowed arbitrary file uploads through image galleries or media managers, where attackers upload PHP shells disguised as images, then execute them to take over hosting environments.

Enterprise content management systems have suffered similar flaws where document upload features failed to validate file types properly, allowing attackers to upload executable scripts that provided administrative access to corporate intranets and sensitive business data.

Mitigation

  • Whitelist permitted extensions and validate against both filename and actual file content (magic bytes/file signatures)
  • Store uploads outside the webroot entirely, serving them through a handler script that prevents execution
  • Disable script execution in upload directories via web server configuration (remove execute permissions)
  • Rename uploaded files to random identifiers, breaking the attacker's ability to predict URLs
  • Implement content scanning with antivirus/malware detection before storing files
  • Enforce authentication and authorization on all upload endpoints with proper session management
  • Validate file size limits to prevent resource exhaustion alongside malicious uploads

Recent CVEs (4034)

EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in running-elephant Datart 1.0.0-rc3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization File Upload
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH POC PATCH This Week

LinkAce is a self-hosted archive to collect links of your favorite websites. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Linkace
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload +1
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in 1000 Projects Portfolio Management System MCA 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload +1
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in 1000 Projects Portfolio Management System MCA 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload +1
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Magicos
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The DirectoryPress - Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress XSS File Upload +1
NVD
EPSS 0% CVSS 4.7
MEDIUM POC This Month

A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Piranha Cms
NVD GitHub
EPSS 0% CVSS 8.0
HIGH PATCH This Week

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

IBM File Upload Cognos Analytics
NVD
EPSS 1% CVSS 8.7
HIGH This Week

There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.4
CRITICAL Act Now

A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9.5.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9.5.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9.5.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9.5.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP File Upload +4
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Ujcms
NVD GitHub
EPSS 0% CVSS 9.2
CRITICAL Act Now

The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition File Upload
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro seedprod-coming-soon-pro-5 allows Upload a Web Shell to a Web Server.18.13. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member gallery-for-ultimate-member allows Upload a Web Shell to a Web Server.1.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in InvoicePlane up to 1.6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP File Upload +1
NVD GitHub VulDB
EPSS 2% CVSS 7.2
HIGH This Week

The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload
NVD
EPSS 48% CVSS 9.9
CRITICAL Emergency

Arbitrary file upload in the Import Export For WooCommerce WordPress plugin (versions through 1.6.2) by sidngr allows authenticated low-privileged users to upload web shells, leading to full server compromise with a CVSS of 9.9 and changed scope. EPSS places this in the 98th percentile (~48% exploitation probability), indicating significant attacker interest, though no public exploit identified at time of analysis. CISA KEV does not list this CVE.

File Upload WordPress
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Google WordPress Apple +3
NVD
EPSS 0% CVSS 3.7
LOW Monitor

The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in all versions up to,. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass WordPress PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Nginx +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple File Upload macOS
NVD
EPSS 78% CVSS 9.5
CRITICAL PATCH Act Now

File upload logic in Apache Struts is flawed. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Atlassian RCE Apache +2
NVD
EPSS 1% CVSS 7.2
HIGH This Week

If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An issue was discovered in Digi ConnectPort LTS before 1.4.12. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Information Disclosure +2
NVD
EPSS 0% CVSS 8.0
HIGH This Week

An issue was discovered in Digi ConnectPort LTS before 1.4.12. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation File Upload Connectport Lts Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium pie-register-premium.8.3.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in roninwp Revy revy allows Upload a Web Shell to a Web Server.18. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit wdesignkit allows Upload a Web Shell to a Web Server.0.40. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload
NVD
EPSS 1% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical.php of the component Profile Picture Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload +1
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH This Week

Dangerous File Upload vulnerabilities allow upload of malicious scripts. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb File Upload Aspect Ent 12 Firmware +18
NVD
EPSS 0% CVSS 8.7
HIGH This Week

ZOO-Project is a C-based WPS (Web Processing Service) implementation. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal File Upload
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Convert Forms
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of InfoDom Performa 365 v4.0.1 allows attackers to execute arbitrary code via uploading a crafted SVG file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM File Upload Cognos Controller
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM File Upload Cognos Controller
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM File Upload Cognos Controller
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress PHP +2
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

A vulnerability was discovered in FreePBX 17.0.19.17. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Freepbx
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Stefan Bohacek Fediverse Embeds fediverse-embeds allows Upload a Web Shell to a Web Server.5.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal File Upload
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web Server.5.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all versions up to, and. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The File Manager Pro - Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload +1
NVD
EPSS 1% CVSS 6.3
MEDIUM POC This Month

An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Spip
NVD
EPSS 0% CVSS 7.2
HIGH This Week

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS File Upload
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload +1
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload +1
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJ_gmgt_user_avatar_image_upload() function in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_user_avatar_image_upload() function in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection File Upload RCE
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL Act Now

An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Hkcms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /admin/file_manage_control of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Dedebiz
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Boat Booking System
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Python File Upload XSS
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

File Upload vulnerability in Xi'an Daxi Information technology OfficeWeb365 v.8.6.1.0 and v7.18.23.0 allows a remote attacker to execute arbitrary code via the pw/savedraw component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE File Upload
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP XSS +1
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

MarkUs is a web application for the submission and grading of student assignments. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Markus
NVD GitHub
EPSS 1% CVSS 7.1
HIGH PATCH This Week

MarkUs is a web application for the submission and grading of student assignments. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Markus
NVD GitHub
EPSS 35% CVSS 9.9
CRITICAL Emergency

Web shell upload via the AntonHoelstad WP Quick Setup WordPress plugin (versions up to and including 2.0) allows authenticated remote attackers to upload files of dangerous types and achieve code execution on the underlying web server. EPSS rates exploitation probability at 34.73% (97th percentile), and no public exploit identified at time of analysis, though the CWE-434 pattern and low attacker requirements make this a high-priority issue for WordPress operators running the plugin.

File Upload
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post convert-docx2post allows Upload a Web Shell to a Web Server.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist allows Upload a Web Shell to a Web. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in BasePress BasePress Migration Tools basepress-migration-tools allows Upload a Web Shell to a Web Server.0.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in wibergsweb CSV to html csv-to-html allows Upload a Web Shell to a Web Server.26. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in bikramjoshii B-Banner Slider b-banner-slider allows Upload a Web Shell to a Web Server.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in bigfiveagency CF7 Reply Manager cf7-reply-manager.2.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Saad Iqbal User Management user-management allows Upload a Web Shell to a Web Server.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio gallerio allows Upload a Web Shell to a Web Server.01. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI collect-and-deliver-interface-for-woocommerce.5.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress
NVD
EPSS 94% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress PHP +2
NVD Exploit-DB
EPSS 16% CVSS 8.8
HIGH Act Now

The Real3D Flipbook Lite - 3D FlipBook, PDF Viewer, PDF Embedder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

File Upload RCE WordPress
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to execute arbitrary code via uploading crafted files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE File Upload +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC This Month

A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files by modifying the avatar function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Java Shop
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Python Book
NVD GitHub
Prev Page 16 of 45 Next

Quick Facts

Typical Severity
HIGH
Category
web
Total CVEs
4034

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy