CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2016

2016 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12593 | code-projects Simple Online Hotel Reservation System Photo edit_room.php unrestricted upload — Simple Online Hotel Reservation System | 4.7 | Medium | 2025-11-02 |
| CVE-2025-12171 | RESTful Content Syndication 1.1.0 - 1.5.0 - Authenticated (Contributor+) Arbitrary File Upload — RESTful Content Syndication | 8.8 | High | 2025-11-01 |
| CVE-2025-11755 | Delicious Recipes <= 1.9.0 - Authenticated (Contributor+) Arbitrary File Upload — WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) | 8.8 | High | 2025-11-01 |
| CVE-2025-11499 | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent <= 1.1.32 - Unauthenticated Arbitrary File Upload — Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent | 9.8 | Critical | 2025-11-01 |
| CVE-2025-62618 | ELOG file upload stored XSS — ELOG | 8.0 | High | 2025-10-31 |
| CVE-2020-36863 | Nagios XI < 5.7.2 Unrestricted File Upload via Audio Import Directory — XI | 8.8 AI | High AI | 2025-10-30 |
| CVE-2025-64095 | DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite — Dnn.Platform | 10.0 | Critical | 2025-10-28 |
| CVE-2025-12378 | code-projects Simple Food Ordering System addproduct.php unrestricted upload — Simple Food Ordering System | 7.3 | High | 2025-10-28 |
| CVE-2025-12347 | MaxSite CMS save-file-ajax.php unrestricted upload — CMS | 6.3 | Medium | 2025-10-28 |
| CVE-2025-12346 | MaxSite CMS HTTP Header uploads-require-maxsite.php unrestricted upload — CMS | 6.3 | Medium | 2025-10-28 |
| CVE-2025-12344 | Yonyou U8 Cloud Request Header NCloudGatewayServlet unrestricted upload — U8 Cloud | 6.3 | Medium | 2025-10-28 |
| CVE-2025-12331 | Willow CMS add unrestricted upload — CMS | 4.7 | Medium | 2025-10-27 |
| CVE-2025-12301 | code-projects Simple Food Ordering System editproduct.php unrestricted upload — Simple Food Ordering System | 7.3 | High | 2025-10-27 |
| CVE-2025-12291 | ashymuzuro Full-Ecommece-Website/Muzuro Ecommerce System Add Product index.php unrestricted upload — Full-Ecommece-Website | 4.7 | Medium | 2025-10-27 |
| CVE-2025-12268 | LearnHouse Course Thumbnail courses unrestricted upload — LearnHouse | 6.3 | Medium | 2025-10-27 |
| CVE-2025-12223 | Bdtask Flight Booking Software Package Information package-information unrestricted upload — Flight Booking Software | 6.3 | Medium | 2025-10-27 |
| CVE-2025-12222 | Bdtask Flight Booking Software Deposit deposit unrestricted upload — Flight Booking Software | 6.3 | Medium | 2025-10-27 |
| CVE-2025-12201 | ajayrandhawa User-Management-PHP-MYSQL User Management edit-user.php unrestricted upload — User-Management-PHP-MYSQL | 4.7 | Medium | 2025-10-27 |
| CVE-2025-11889 | AIO Forms <= 1.3.18 - Authenticated (Admin+) Arbitrary File Upload via Zip Import — AIO Forms – Craft Complex Forms Easily | 7.2 | High | 2025-10-24 |
| CVE-2025-6440 | WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload — WooCommerce Designer Pro | 9.8 | Critical | 2025-10-24 |
| CVE-2025-58963 | WordPress Medcity theme < 1.1.9 - Arbitrary File Upload vulnerability — Medcity | 10.0 | Critical | 2025-10-22 |
| CVE-2025-52758 | WordPress Zippy plugin <= 1.7.0 - Arbitrary File Upload vulnerability — Zippy | 9.1 | Critical | 2025-10-22 |
| CVE-2025-49060 | WordPress Wastia theme < 1.1.3 - Arbitrary File Upload vulnerability — Wastia | 9.1 AI | Critical AI | 2025-10-22 |
| CVE-2025-48106 | WordPress Clanora theme < 1.3.1 - Arbitrary File Upload vulnerability — Clanora | 8.8 AI | High AI | 2025-10-22 |
| CVE-2025-31342 | Galaxy Software Services Vitals ESP Forum Module - Unrestricted Upload of File with Dangerous Type — Vitals ESP | 8.8 AI | High AI | 2025-10-20 |
| CVE-2025-11948 | Excellent Infotek\|Document Management System - Arbitrary File Upload — Document Management System | 9.8 | Critical | 2025-10-20 |
| CVE-2025-11391 | PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File Upload — PPOM – Product Addons & Custom Fields for WooCommerce | 9.8 | Critical | 2025-10-18 |
| CVE-2025-11908 | Shenzhen Ruiming Technology Streamax Crocus FileDir.do uploadFile unrestricted upload — Streamax Crocus | 6.3 | Medium | 2025-10-17 |
| CVE-2025-10041 | Flex QR Code Generator <= 1.2.5 - Unauthenticated Arbitrary File Upload — Flex QR Code Generator | 9.8 | Critical | 2025-10-15 |
| CVE-2025-10051 | Demo Import Kit <= 1.1.0 - Authenticated (Admin+) Arbitrary File Upload — Demo Import Kit | 7.2 | High | 2025-10-15 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) account for 2016 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.