CVE Daily
← All tags

Tag: Unrestricted File Upload

All CVEs associated with "Unrestricted File Upload". Page 14/14 • 1592 CVEs.

Subscribe CVEs: RSS for “Unrestricted File Upload”  ·  RSS (High+Critical only)

About “Unrestricted File Upload”

A curated feed of “Unrestricted File Upload”-related CVEs appears below. We currently track 1592 CVEs for this tag (all time). In the last 365 days, 310 were published. Average CVSS is 8.3 (all time; 8.5 over 365d), and 80% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-434 - Unrestricted Upload of File with Dangerous Type, CWE-306 - Missing Authentication for Critical Function, CWE-94 - Improper Control of Generation of Code ('Code Injection').

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2007-02-12
Medium

CVE-2006-6994

Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security…

CVSS: 6.4 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
2007-02-06
Medium

CVE-2007-0764

Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf paramete…

CVSS: 6.5 CWE: N/A View on NVD
2007-01-26
High

CVE-2007-0505

Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a…

CVSS: 8.5 CWE: N/A View on NVD
2007-01-19
High

CVE-2007-0370

Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation…

CVSS: 7.5 CWE: N/A View on NVD
2007-01-09
Medium

CVE-2007-0123

Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extensi…

CVSS: 6.8 CWE: N/A View on NVD
2006-12-31
Medium

CVE-2006-4581

Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-6879

Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the…

CVSS: 6.0 CWE: N/A View on NVD
Medium

CVE-2006-6887

Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (aka the Widg…

CVSS: 6.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2006-12-15
High

CVE-2006-6570

Unrestricted file upload vulnerability in upload.php in GenesisTrader 1.0 allows remote authenticated users to upload arbitrary files via unspecified vectors, possibly involving form.php and the ajou…

CVSS: 7.5 CWE: N/A View on NVD
2006-12-11
Medium

CVE-2006-6463

Unrestricted file upload vulnerability in admin/add.php in Midicart allows remote authenticated users to upload arbitrary .php files, and possibly other files, to the images/ directory under the web…

CVSS: 6.5 CWE: N/A View on NVD
2006-12-07
Medium

CVE-2006-6338

Unrestricted file upload vulnerability in upload/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to upload and execute arbitrary .php files by embedding PHP code in a JP…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-6347

Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators to upload arbitrary .php files, possibly using admin/index.php. NOTE: this can be leveraged with CVE-…

CVSS: 6.5 CWE: N/A View on NVD
2006-11-15
High

CVE-2006-5918

Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the "Link to Down…

CVSS: 7.5 CWE: N/A View on NVD
2006-11-10
Medium

CVE-2006-5845

Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1.

CVSS: 6.5 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
2006-10-20
High

CVE-2006-5411

Unrestricted file upload vulnerability in upload.php for Free Web Publishing System (FreeWPS), possibly 2.11 and earlier, allows remote attackers to upload and execute arbitrary PHP programs.

CVSS: 7.5 CWE: N/A View on NVD
2006-09-27
Medium

CVE-2006-5016

Unrestricted file upload vulnerability in admin/x_image.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to upload arbitrary files to the /imagebank directory.

CVSS: 5.0 CWE: N/A View on NVD
2006-09-25
Medium

CVE-2006-4977

Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP co…

CVSS: 5.0 CWE: N/A View on NVD
2006-09-21
Medium

CVE-2006-4922

Unrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executa…

CVSS: 5.0 CWE: N/A View on NVD
2006-09-19
Medium

CVE-2006-4875

Unrestricted file upload vulnerability in modules/galleryuploadfunction.php in Jupiter CMS allows remote attackers to upload picture files, and possibly files with arbitrary extensions, to gallery/al…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2006-4859

Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the…

CVSS: 7.5 CWE: N/A View on NVD
2006-09-11
High

CVE-2006-4675

Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors.

CVSS: 7.5 CWE: N/A View on NVD
2006-09-07
High

CVE-2006-4602

Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-4617

Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions…

CVSS: 7.5 CWE: N/A View on NVD
2006-07-06
Medium

CVE-2006-3362

Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier,…

CVSS: 5.1 CWE: N/A View on NVD
2005-12-31
High

CVE-2005-4814

Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PH…

CVSS: 7.5 CWE: N/A View on NVD
Low

CVE-2005-4855

Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types,…

CVSS: 3.5 CWE: CWE-264 View on NVD
2005-12-20
Medium

CVE-2005-4422

Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then acc…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2005-4423

Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, a…

CVSS: 6.5 CWE: N/A View on NVD
2005-08-26
Medium

CVE-2005-2699

Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ dire…

CVSS: 4.6 CWE: N/A View on NVD
2004-12-31
High

CVE-2004-2690

Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files.

CVSS: 8.5 CWE: N/A View on NVD
Critical

CVE-2004-2700

Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx.

CVSS: 9.0 CWE: CWE-264 View on NVD
2003-12-31
Medium

CVE-2003-1552

Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a dire…

CVSS: 6.8 CWE: CWE-264 View on NVD