Vulnerabilities (CVE)

Filtered by CWE-434
Total 4129 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-43275 1 Canteen Management System Project 1 Canteen Management System 2026-06-17 N/A 7.2 HIGH
Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-43265 1 Canteen Management System Project 1 Canteen Management System 2026-06-17 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-43234 1 Hoosk 1 Hoosk 2026-06-17 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-43231 1 Canteen Management System Project 1 Canteen Management System 2026-06-17 N/A 7.2 HIGH
Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-43192 1 Dedecms 1 Dedecms 2026-06-17 N/A 6.7 MEDIUM
An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886.
CVE-2022-43146 1 Canteen Management System Project 1 Canteen Management System 2026-06-17 N/A 7.2 HIGH
An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-43085 1 Codeastro 1 Restaurant Pos System 2026-06-17 N/A 7.2 HIGH
An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-43083 1 Vehicle Booking System Project 1 Vehicle Booking System 2026-06-17 N/A 7.2 HIGH
An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-43074 1 Ayacms Project 1 Ayacms 2026-06-17 N/A 9.8 CRITICAL
AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-43061 1 Online Tours \& Travels Management System Project 1 Online Tours \& Travels Management System 2026-06-17 N/A 7.2 HIGH
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /operations/travellers.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-43050 1 Online Tours And Travels Management System Project 1 Online Tours And Travels Management System 2026-06-17 N/A 7.2 HIGH
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-42971 2 Microsoft, Schneider-electric 8 Windows 10, Windows 11, Windows 7 and 5 more 2026-06-17 N/A 9.8 CRITICAL
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
CVE-2022-42925 1 Formalms 1 Formalms 2026-06-17 N/A 9.9 CRITICAL
There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection.
CVE-2022-42698 1 Api2cart 1 Api2cart Bridge Connector 2026-06-17 N/A 9.8 CRITICAL
Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.
CVE-2022-42449 1 Hcltech 1 Domino Leap 2026-06-17 N/A 4.6 MEDIUM
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications
CVE-2022-42443 1 Ibm 2 Trusteer Android Sdk For Mobile, Trusteer Ios Sdk For Mobile 2026-06-17 N/A 2.2 LOW
An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535.
CVE-2022-42287 1 Nvidia 2 Bmc, Dgx A100 2026-06-17 N/A 6.0 MEDIUM
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering.
CVE-2022-42229 1 Wedding Planner Project 1 Wedding Planner 2026-06-17 N/A 8.8 HIGH
Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php.
CVE-2022-42201 1 Simple Exam Reviewer Management System Project 1 Simple Exam Reviewer Management System 2026-06-17 N/A 7.2 HIGH
Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload.
CVE-2022-42198 1 Simple Exam Reviewer Management System Project 1 Simple Exam Reviewer Management System 2026-06-17 N/A 8.8 HIGH
In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload.