CWE-434

The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded.

WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php.

An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files.

MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do.

A vulnerability in ${“freemarker.template.utility.Execute”?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files.

BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.