CWE-434

Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache prior to 5.5.6.

An unauthorized user could alter or write files with full control over the path and content of the file.

Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img.

AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php

In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.

here is an arbitrary file upload vulnerability in the file management function module of Classcms3.5.