Vulnerabilities (CVE)

Filtered by CWE-434
Total 4102 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-8170 1 Rems 1 Zipped Folder Manager App 2026-06-17 4.0 MEDIUM 3.5 LOW
A vulnerability classified as problematic has been found in SourceCodester Zipped Folder Manager App 1.0. This affects an unknown part of the file /endpoint/add-folder.php. The manipulation of the argument folder leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-8166 1 Ruijie 2 Eg2000k, Eg2000k Firmware 2026-06-17 5.8 MEDIUM 4.7 MEDIUM
A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8164 1 Beikeshop 1 Beikeshop 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This manipulation of the argument new_name causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.6.0 is able to mitigate this issue. The affected component should be upgraded.
CVE-2024-8126 1 Advancedfilemanager 1 Advanced File Manager 2026-06-17 N/A 7.5 HIGH
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2024-8089 1 Janobe 1 E-commerce System 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critical. Affected is an unknown function of the file /ecommerce/admin/products/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-8066 1 Ninjateam 1 Filester 2026-06-17 N/A 7.5 HIGH
The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2024-8019 1 Lightningai 1 Pytorch Lightning 2026-06-17 N/A 9.1 CRITICAL
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations.
CVE-2024-7987 1 Rockwellautomation 1 Thinmanager Thinserver 2026-06-17 N/A 7.8 HIGH
A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer™ service by creating a junction and use it to upload arbitrary files.
CVE-2024-7985 1 Fileorganizer 1 Fileorganizer 2026-06-17 N/A 7.5 HIGH
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: The FileOrganizer Pro plugin must be installed and active to allow Subscriber+ users to upload files.
CVE-2024-7944 1 Adonesevangelista 1 Laravel Property Management System 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in itsourcecode Laravel Property Management System 1.0. It has been classified as critical. Affected is the function UpdateDocumentsRequest of the file DocumentsController.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-7943 1 Adonesevangelista 1 Laravel Property Management System 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in itsourcecode Laravel Property Management System 1.0 and classified as critical. This issue affects the function upload of the file PropertiesController.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-7917 1 Douco 1 Douphp 2026-06-17 5.8 MEDIUM 4.7 MEDIUM
A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_favicon leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-7910 1 Online Railway Reservation System Project 1 Online Railway Reservation System 2026-06-17 5.8 MEDIUM 4.7 MEDIUM
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-7906 1 Dedebiz 1 Dedebiz 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability classified as critical was found in DedeBIZ 6.3.0. This vulnerability affects the function get_mime_type of the file /admin/dialog/select_images_post.php of the component Attachment Settings. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7905 1 Dedebiz 1 Dedebiz 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability classified as critical has been found in DedeBIZ 6.3.0. This affects the function AdminUpload of the file admin/archives_do.php. The manipulation of the argument litpic leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7904 1 Dedebiz 1 Dedebiz 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/file_manage_control.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7903 1 Dedebiz 1 Dedebiz 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in DedeBIZ 6.3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/media_add.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7855 1 Thimpress 1 Wp Hotel Booking 2026-06-17 N/A 8.8 HIGH
The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2024-7772 1 Artbees 1 Jupiter X Core 2026-06-17 N/A 9.8 CRITICAL
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2024-7770 1 Bitapps 1 File Manager 2026-06-17 N/A 8.8 HIGH
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted upload permissions by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible.