CWE-434

Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component ‘bl-kereln/ajax/upload-logo.php’.

Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component ‘admin/upload_file_do.php’.

Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the ‘image’ widget in the component ‘Change Widgy Page’.

File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file.

An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands.

Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a “.jpg.php” extension to the component “admin/wenjian.php?wj=../templets/pc”.