3244 matches found
Melis Technology Melis Platform - Unrestricted File Upload & Remote Code Execution
Melis Technology Melis Platform contains an unrestricted file upload caused by insufficient validation of 'mcsdetailimg' parameter in /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm, letting attackers upload malicious files and achieve remote code execution, exploit requires crafted...
MikoPBX - Unrestricted File Upload
MikoPBX through 2024.1.114 contains an authenticated unrestricted file upload vulnerability caused by allowing PHP script uploads in PBXCoreREST/Controllers/Files/PostController.php. id: CVE-2025-52207 info: name: MikoPBX - Unrestricted File Upload author: darses severity: critical description: |...
WP Mobile Detector <= 3.5 - Unrestricted File Upload
WP Mobile Detector plugin for WordPress = 3.5 contains an unrestricted file upload vulnerability caused by missing file type validation in resize.php, letting unauthenticated attackers upload arbitrary files, potentially leading to remote code execution. id: CVE-2016-15043 info: name: WP Mobile...
CVE-2026-15305 TYPO3 CMS - Unrestricted File Upload in Form Framework
Users were able to upload files with arbitrary MIME types to forms using FileUpload or ImageUpload elements with allowedMimeTypes configured. The restriction was not enforced server-side because the MimeTypeValidator was registered during form building before concrete form definition properties...
PT-2026-58797
Name of the Vulnerable Software and Affected Versions Adobe Commerce affected versions not specified Description An unrestricted upload of files with dangerous types allows arbitrary code execution in the context of the current user. An attacker can inject malicious scripts into a web page to...
CVE-2026-57719
Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through = 2.8.3...
Roxy Fileman 1.4.5 - Unrestricted File Upload
Roxy Fileman 1.4.5 is susceptible to unrestricted file upload via upload.php. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. id: CVE-2018-20526 info: name: Roxy Fileman 1.4.5 -...
iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
iCagenda contains an unrestricted upload of file with dangerous type vulnerability that allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution...
ArcGIS Server <= 12.0 Multiple Vulnerabilities (Security 2026 Update 2)
The version of ArcGIS Server installed on the remote host is 12.0 or prior. It is, therefore, affected by multiple vulnerabilities: - ArcGIS Server contains a directory traversal vulnerability. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful...
CVE-2026-58654
The Grav API plugin getgrav/grav-plugin-api 1.0.0 contains an unrestricted file upload vulnerability in the avatar upload endpoint /api/v1/users/user/avatar. The endpoint validates only the client-declared MIME type getClientMediaType beginning with 'image/' and does not inspect the actual file...
CVE-2026-9182
Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload, potentially allowing for other attacks. This issue impacts a...
EUVD-2026-41896
ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload...
CVE-2026-9182
Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload, potentially allowing for other attacks. This issue impacts a...
PT-2026-55968
Name of the Vulnerable Software and Affected Versions ArcGIS Server versions prior to 12.0 Description An unrestricted file upload issue exists where an unauthenticated attacker can upload a crafted file to the affected endpoint. This could allow for arbitrary file upload, potentially enabling...
CVE-2026-14776
The CVE-2026-14776 entry concerns SourceCodester Onlne Examination & Learning Management System 1.0. The vulnerability centers on the function pathinfo in the file /upload_files.php within the Filename Extension component, where manipulation enables unrestricted file upload. This permits remote e...
Adobe ColdFusion 2023.x < 2023u21 / 2025.x < 2025u10 Multiple Vulnerabilities (APSB26-68)
The version of Adobe ColdFusion installed on the remote Windows host is prior to 2023.x update 21 or 2025.x update 10. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-68 advisory. - Unrestricted Upload of File with Dangerous Type potentially leading to Arbitrary...
CVE-2026-48276
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-48283
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-48276 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-48283 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...