3235 matches found
MikoPBX - Unrestricted File Upload
MikoPBX through 2024.1.114 contains an authenticated unrestricted file upload vulnerability caused by allowing PHP script uploads in PBXCoreREST/Controllers/Files/PostController.php. id: CVE-2025-52207 info: name: MikoPBX - Unrestricted File Upload author: darses severity: critical description: |...
Melis Technology Melis Platform - Unrestricted File Upload & Remote Code Execution
Melis Technology Melis Platform contains an unrestricted file upload caused by insufficient validation of 'mcsdetailimg' parameter in /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm, letting attackers upload malicious files and achieve remote code execution, exploit requires crafted...
Roxy Fileman 1.4.5 - Unrestricted File Upload
Roxy Fileman 1.4.5 is susceptible to unrestricted file upload via upload.php. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. id: CVE-2018-20526 info: name: Roxy Fileman 1.4.5 -...
WP Mobile Detector <= 3.5 - Unrestricted File Upload
WP Mobile Detector plugin for WordPress = 3.5 contains an unrestricted file upload vulnerability caused by missing file type validation in resize.php, letting unauthenticated attackers upload arbitrary files, potentially leading to remote code execution. id: CVE-2016-15043 info: name: WP Mobile...
iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
iCagenda contains an unrestricted upload of file with dangerous type vulnerability that allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution...
ArcGIS Server <= 12.0 Multiple Vulnerabilities (Security 2026 Update 2)
The version of ArcGIS Server installed on the remote host is 12.0 or prior. It is, therefore, affected by multiple vulnerabilities: - ArcGIS Server contains a directory traversal vulnerability. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful...
CVE-2026-58654
The Grav API plugin getgrav/grav-plugin-api 1.0.0 contains an unrestricted file upload vulnerability in the avatar upload endpoint /api/v1/users/user/avatar. The endpoint validates only the client-declared MIME type getClientMediaType beginning with 'image/' and does not inspect the actual file...
CVE-2026-9182
Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload, potentially allowing for other attacks. This issue impacts a...
EUVD-2026-41896
ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload...
CVE-2026-9182
Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload, potentially allowing for other attacks. This issue impacts a...
PT-2026-55968
Name of the Vulnerable Software and Affected Versions ArcGIS Server versions prior to 12.0 Description An unrestricted file upload issue exists where an unauthenticated attacker can upload a crafted file to the affected endpoint. This could allow for arbitrary file upload, potentially enabling...
CVE-2026-14776
The CVE-2026-14776 entry concerns SourceCodester Onlne Examination & Learning Management System 1.0. The vulnerability centers on the function pathinfo in the file /upload_files.php within the Filename Extension component, where manipulation enables unrestricted file upload. This permits remote e...
Adobe ColdFusion 2023.x < 2023u21 / 2025.x < 2025u10 Multiple Vulnerabilities (APSB26-68)
The version of Adobe ColdFusion installed on the remote Windows host is prior to 2023.x update 21 or 2025.x update 10. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-68 advisory. - Unrestricted Upload of File with Dangerous Type potentially leading to Arbitrary...
CVE-2026-48276
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-48283
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-48276 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-48283
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-48283
CVE-2026-48283 affects ColdFusion versions 2025.9, 2023.20 and earlier. The vulnerability is an Unrestricted Upload of File with Dangerous Type (CWE-434) that can lead to arbitrary code execution in the context of the current user. Exploitation requires no user interaction and is network‑visible;...
CVE-2026-48283 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-53691 Remote Code Execution in Redeight CMS
An Unrestricted File Upload vulnerability in Redeight CMS version 1.0 allows authenticated attackers to achieve Remote Code Execution via the POST "/admin/index.php?module=pages&mode=FileAdd" endpoint. The application fails to validate file extensions and MIME types, permitting the upload of...