Vulnerabilities (CVE)

Filtered by CWE-434
Total 4102 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-37117 1 Jizhicms 1 Jizhicms 2026-06-17 N/A 8.8 HIGH
jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and download_url parameters to trigger unauthorized file downloads.
CVE-2020-37113 1 Gunet 1 Open Eclass Platform 2026-06-17 N/A 8.8 HIGH
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature.
CVE-2020-37090 1 Arox 1 School Erp Pro 2026-06-17 N/A 9.8 CRITICAL
School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server.
CVE-2020-37084 1 Arox 1 School Erp Pro 2026-06-17 N/A 7.2 HIGH
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the server.
CVE-2020-37073 1 Victor Cms Project 1 Victor Cms 2026-06-17 N/A 8.8 HIGH
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file with a 'cmd' parameter.
CVE-2020-37023 2026-06-17 N/A 8.8 HIGH
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy and changing the file extension.
CVE-2020-37009 2026-06-17 N/A 8.8 HIGH
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevated privileges.
CVE-2020-36973 2026-06-17 N/A 6.5 MEDIUM
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path traversal techniques.
CVE-2020-36942 1 Victor Cms Project 1 Victor Cms 2026-06-17 N/A 8.8 HIGH
Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser.
CVE-2020-36897 1 Howfor 1 Qihang Media Web Digital Signage 2026-06-17 N/A 9.8 CRITICAL
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write and execute arbitrary system commands on the server.
CVE-2020-36882 1 Flexense 1 Diskboss 2026-06-17 N/A 7.5 HIGH
Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application.
CVE-2020-36863 1 Nagios 1 Nagios Xi 2026-06-17 N/A 8.8 HIGH
Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory and executed from that location. The upload handler did not properly restrict file types or enforce storage outside of the webroot, and the web server permitted execution within the upload directory. An authenticated attacker with access to the audio import feature could upload a crafted PHP file and then request it to achieve remote code execution with the privileges of the application service.
CVE-2020-36849 1 Ait-themes 1 Csv Import \/ Export 2026-06-17 N/A 9.8 CRITICAL
The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
CVE-2020-36847 1 Simplefilelist 1 Simple File List 2026-06-17 N/A 9.8 CRITICAL
The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the server.
CVE-2020-36842 1 Wpvivid 1 Migration\, Backup\, Staging 2026-06-17 N/A 8.8 HIGH
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted. This affects versions up to, and including 0.9.35.
CVE-2020-36825 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
** UNSUPPORTED WHEN ASSIGNED ** ** DISPUTED ** A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function download_file of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 0c394a795b9c10c07085361e6fcea286ee793701. It is recommended to apply a patch to fix this issue. VDB-257782 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: The issue, discovered in a 20-stars GitHub project (now private) by its author, had CVE requested by a third party 4 years post-resolution, referencing the fix commit (now a broken link). Due to minimal attention and usage, it should not be eligible for CVE according to the project maintainer.
CVE-2020-36706 1 Simple-press 1 Simple\ 2026-06-17 N/A 9.8 CRITICAL
The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
CVE-2020-36705 1 Tunasite 1 Adning Advertising 2026-06-17 N/A 9.8 CRITICAL
The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
CVE-2020-36701 1 King-theme 1 Page Builder King Composer 2026-06-17 N/A 8.8 HIGH
The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level permissions and above to upload arbitrary files onto the server which can be used to execute code on the server.
CVE-2020-36485 1 Madeportable 1 Playable 2026-06-17 4.6 MEDIUM 7.8 HIGH
Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.