CWE-434

SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted File Upload, that allows attackers to upload files with any file extension which can lead to arbitrary code execution.

The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution.

There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files.

InHand Networks IR615 Router’s Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scripting, deletion of system files, and remote code execution.

firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type

Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL.