CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2016

2016 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14530 | SourceCodester Real Estate Property Listing App property.php unrestricted upload — Real Estate Property Listing App | 4.7 | Medium | 2025-12-11 |
| CVE-2025-14522 | baowzh hfly upload_json.php unrestricted upload — hfly | 6.3 | Medium | 2025-12-11 |
| CVE-2024-58283 | WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload — WBCE CMS | 8.8 AI | High AI | 2025-12-10 |
| CVE-2024-58282 | Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload — Serendipity | 7.2 AI | High AI | 2025-12-10 |
| CVE-2024-58281 | Dotclear 2.29 Remote Code Execution via Authenticated File Upload — Dotclear | 8.8 AI | High AI | 2025-12-10 |
| CVE-2024-58279 | appRain CMF 4.0.5 Authenticated Remote Code Execution via Filemanager Upload — appRain CMF | 7.2 AI | High AI | 2025-12-10 |
| CVE-2020-36897 | QiHang Media Web Digital Signage 3.0.9 Unauthenticated Remote Code Execution — QiHang Media Web Digital Signage | 9.8 AI | Critical AI | 2025-12-10 |
| CVE-2025-14390 | Video Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload — Video Merchant | 8.8 | High | 2025-12-10 |
| CVE-2025-61808 | ColdFusion \| Unrestricted Upload of File with Dangerous Type (CWE-434) — ColdFusion | 9.1 | Critical | 2025-12-09 |
| CVE-2025-14219 | Campcodes Retro Basketball Shoes Online Store admin_running.php unrestricted upload — Retro Basketball Shoes Online Store | 4.7 | Medium | 2025-12-08 |
| CVE-2025-14199 | Verysync 微力同步 Web Administration text.txt unrestricted upload — 微力同步 | 6.3 | Medium | 2025-12-07 |
| CVE-2025-14195 | code-projects Employee Profile Management System add_file_query.php unrestricted upload — Employee Profile Management System | 6.3 | Medium | 2025-12-07 |
| CVE-2025-13065 | Starter Templates <= 4.4.41 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass — Starter Templates – AI-Powered Templates for Elementor & Gutenberg | 8.8 | High | 2025-12-06 |
| CVE-2025-12966 | All-in-One Video Gallery 4.5.4 - 4.5.7 – Authenticated (Author+) Arbitrary File Upload via Import ZIP — All-in-One Video Gallery | 8.8 | High | 2025-12-06 |
| CVE-2025-12673 | Flex QR Code Generator <= 1.2.7 - Unauthenticated Arbitrary File Upload — Flex QR Code Generator | 9.8 | Critical | 2025-12-06 |
| CVE-2020-36882 | Flexsense DiskBoss Application Crash Denial of Service — DiskBoss | 7.5 | - | 2025-12-05 |
| CVE-2025-12154 | Auto Thumbnailer <= 1.0 - Authenticated (Contributor+) Arbitrary File Upload — Auto Thumbnailer | 8.8 | High | 2025-12-05 |
| CVE-2025-12153 | Featured Image via URL <= 0.1 - Authenticated (Contributor+) Arbitrary File Upload — Featured Image via URL | 8.8 | High | 2025-12-05 |
| CVE-2025-12181 | ContentStudio <= 1.3.7 - Authenticated (Author+) Arbitrary File Upload — ContentStudio | 8.8 | High | 2025-12-05 |
| CVE-2025-13066 | Demo Importer Plus <= 2.0.6 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass — Demo Importer Plus | 8.8 | High | 2025-12-05 |
| CVE-2025-13543 | PostGallery <= 1.12.5 - Authenticated (Subscriber+) Arbitrary File Upload — PostGallery | 8.8 | High | 2025-12-04 |
| CVE-2025-13949 | ProudMuBai GoFilm FileController.go SingleUpload unrestricted upload — GoFilm | 6.3 | Medium | 2025-12-03 |
| CVE-2025-13646 | Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Upload via Race Condition — Image Gallery – Photo Grid & Video Gallery | 7.5 | High | 2025-12-03 |
| CVE-2025-13827 | GrapesJsBuilder File Upload allows all file uploads — Mautic | 9.8 AI | Critical AI | 2025-12-02 |
| CVE-2025-13516 | SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers <= 1.9.0 - Unauthenticated Arbitrary File Upload — SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers | 8.1 | High | 2025-12-02 |
| CVE-2025-13815 | moxi159753 Mogu Blog v2 pictures unrestricted upload — Mogu Blog v2 | 6.3 | Medium | 2025-12-01 |
| CVE-2025-13536 | Blubrry PowerPress <= 11.15.2 - Authenticated (Contributor+) Arbitrary File Upload via 'powerpress_edit_post' — PowerPress Podcasting plugin by Blubrry | 8.8 | High | 2025-11-27 |
| CVE-2025-66256 | Unauthenticated Arbitrary File Upload (patch_contents.php) — Mozart FM Transmitter | 9.8 AI | Critical AI | 2025-11-26 |
| CVE-2025-66250 | Unauthenticated Arbitrary File Upload (status_contents.php) — Mozart FM Transmitter | 9.8 AI | Critical AI | 2025-11-26 |
| CVE-2025-13597 | AI Feeds <= 1.0.11 - Unauthenticated Arbitrary File Upload — AI Feeds | 9.8 | Critical | 2025-11-25 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2016 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.