CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2016

2016 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2023-53956 | Flatnux 2021-03.25 Authenticated File Upload Remote Code Execution — flatnux | 8.8 | High | 2025-12-19 |
| CVE-2023-53952 | Dotclear 2.25.3 Authenticated Remote Code Execution via File Upload — Dotclear | 8.8 | High | 2025-12-19 |
| CVE-2025-14849 | Advantech WebAccess/SCADA Unrestricted Upload of File with Dangerous Type — WebAccess/SCADA | 8.8 | High | 2025-12-18 |
| CVE-2023-53942 | File Thingie 2.5.7 Authenticated Arbitrary File Upload Remote Code Execution — File Thingie | 8.8 | High | 2025-12-18 |
| CVE-2019-25229 | Kentico Xperience <= 12.0.29 MVC Forms Unrestricted File Upload — Xperience | 8.8 | High | 2025-12-18 |
| CVE-2025-14885 | SourceCodester Client Database Management System Leads Generation user_leads.php unrestricted upload — Client Database Management System | 6.3 | Medium | 2025-12-18 |
| CVE-2025-66074 | WordPress WP Webhooks plugin <= 3.3.8 - Arbitrary File Upload vulnerability — WP Webhooks | 9.0 | Critical | 2025-12-18 |
| CVE-2025-64374 | WordPress Motors theme <= 5.6.81 - Arbitrary File Upload vulnerability — Motors | 8.8 AI | High AI | 2025-12-18 |
| CVE-2025-64231 | WordPress WordPress Contact Form 7 PDF, Google Sheet & Database plugin <= 3.0.0 - Arbitrary File Upload vulnerability — WordPress Contact Form 7 PDF, Google Sheet & Database | 9.9 | Critical | 2025-12-18 |
| CVE-2023-53933 | Serendipity 2.4.0 Authenticated Remote Code Execution via File Upload — Serendipity | 8.8 | High | 2025-12-17 |
| CVE-2023-53924 | UliCMS 2023.1-sniffing-vicuna Remote Code Execution via Avatar Upload — Ulicms | 8.8 | High | 2025-12-17 |
| CVE-2023-53922 | TinyWebGallery v2.5 Remote Code Execution via Unrestricted File Upload — TinyWebGallery | 9.8 | Critical | 2025-12-17 |
| CVE-2023-53921 | SitemagicCMS 4.4.3 Remote Code Execution via Unrestricted File Upload — SitemagicCMS | 9.8 | Critical | 2025-12-17 |
| CVE-2023-53892 | Blackcat CMS 1.4 Remote Code Execution via Jquery Plugin Manager — Blackcat CMS | 7.2 AI | High AI | 2025-12-15 |
| CVE-2023-53889 | Perch CMS 3.2 Remote Code Execution via Unrestricted File Upload — Perch | 7.2 AI | High AI | 2025-12-15 |
| CVE-2023-53885 | Webutler v3.2 Remote Code Execution via Arbitrary File Upload — Webutler | 7.2 AI | High AI | 2025-12-15 |
| CVE-2023-53876 | Academy LMS 6.1 Arbitrary File Upload Vulnerability via Profile Settings — Academy LMS | 5.4 AI | Medium AI | 2025-12-15 |
| CVE-2023-53871 | Soosyze 2.0.0 Unrestricted File Upload via Broken Upload Logic — Soosyze | 9.8 AI | Critical AI | 2025-12-15 |
| CVE-2023-53869 | WEBIGniter 28.7.23 Unrestricted File Upload Remote Code Execution — WebIGniter | 8.8 AI | High AI | 2025-12-15 |
| CVE-2023-53868 | Coppermine Gallery 1.6.25 Remote Code Execution via Plugin Upload — coppermine-gallery | 8.8 AI | High AI | 2025-12-15 |
| CVE-2025-14642 | code-projects Computer Laboratory System technical_staff_pic.php unrestricted upload — Computer Laboratory System | 4.7 | Medium | 2025-12-14 |
| CVE-2025-14641 | code-projects Computer Laboratory System admin_pic.php unrestricted upload — Computer Laboratory System | 4.7 | Medium | 2025-12-14 |
| CVE-2025-13094 | WP3D Model Import Viewer <= 1.0.7 - Authenticated (Contributor+) Arbitrary File Upload — WP3D Model Import Viewer | 8.8 | High | 2025-12-13 |
| CVE-2025-14583 | campcodes Online Student Enrollment System register.php unrestricted upload — Online Student Enrollment System | 7.3 | High | 2025-12-12 |
| CVE-2025-14582 | campcodes Online Student Enrollment System index.php unrestricted upload — Online Student Enrollment System | 4.7 | Medium | 2025-12-12 |
| CVE-2025-12968 | Infility Global <= 2.14.42 - Authenticated (Subscriber+) Arbitrary File Upload — Infility Global | 8.8 | High | 2025-12-12 |
| CVE-2025-34506 | WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload — WBCE CMS | 7.2 AI | High AI | 2025-12-11 |
| CVE-2024-58313 | xbtitFM 4.1.18 Insecure File Upload in file_hosting Feature — xbtitFM | 7.2 AI | High AI | 2025-12-11 |
| CVE-2024-58298 | Compuware iStrobe Web 20.13 Pre-Auth Remote Code Execution via File Upload — Compuware iStrobe Web | 9.8 AI | Critical AI | 2025-12-11 |
| CVE-2024-58295 | ElkArte Forum 1.1.9 Authenticated Remote Code Execution via Theme Upload — ElkArte Forum | 7.2 AI | High AI | 2025-12-11 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2016 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.