Vulnerabilities (CVE)

Filtered by CWE-434
Total 4133 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-27753 2026-06-17 N/A 8.0 HIGH
An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2023-27602 1 Apache 1 Linkis 2026-06-17 N/A 9.8 CRITICAL
In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2.  For versions <=1.3.1, we suggest turning on the file path check switch in linkis.properties `wds.linkis.workspace.filesystem.owner.check=true` `wds.linkis.workspace.filesystem.path.check=true`
CVE-2023-27440 2026-06-17 N/A 7.2 HIGH
Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.This issue affects Types: from n/a through 3.4.17.
CVE-2023-27397 1 Microengine 1 Mailform 2026-06-17 N/A 9.8 CRITICAL
Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.
CVE-2023-27246 1 Mk-auth 1 Mk-auth 2026-06-17 N/A 8.8 HIGH
An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file.
CVE-2023-27235 1 Jizhicms 1 Jizhicms 2026-06-17 N/A 7.2 HIGH
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.
CVE-2023-27179 1 Gdidees 1 Gdidees Cms 2026-06-17 N/A 7.5 HIGH
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.
CVE-2023-27178 1 Gdidees 1 Gdidees Cms 2026-06-17 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file.
CVE-2023-27168 1 Xpand-it 1 Write-back Manager 2026-06-17 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file.
CVE-2023-27083 1 Pluck-cms 1 Pluck 2026-06-17 N/A 7.2 HIGH
An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality.
CVE-2023-27033 1 Cdesigner Project 1 Cdesigner 2026-06-17 N/A 9.8 CRITICAL
Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent().
CVE-2023-26968 1 Atrocore 1 Atrocore 2026-06-17 N/A 9.8 CRITICAL
In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyphicon-paperclip function is vulnerable to Unauthenticated File upload.
CVE-2023-26949 1 Onekeyadmin 1 Onekeyadmin 2026-06-17 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2023-26857 1 Dynamic Transaction Queuing System Project 1 Dynamic Transaction Queuing System 2026-06-17 N/A 7.2 HIGH
An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2023-26852 1 Textpattern 1 Textpattern 2026-06-17 N/A 7.2 HIGH
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
CVE-2023-26830 1 Gladinet 1 Centrestack 2026-06-17 N/A 7.2 HIGH
An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server.
CVE-2023-26775 1 Monitorr 1 Monitorr 2026-06-17 N/A 7.8 HIGH
File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint.
CVE-2023-26762 1 Smeup 1 Erp 2026-06-17 N/A 8.8 HIGH
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability.
CVE-2023-26690 1 Cs-cart 1 Cs-cart Multivendor 2026-06-17 N/A 8.8 HIGH
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu.
CVE-2023-26686 1 Cs-cart 1 Cs-cart Multivendor 2026-06-17 N/A 9.8 CRITICAL
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.