CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-10051 | Demo Import Kit <= 1.1.0 - Authenticated (Admin+) Arbitrary File Upload — Demo Import Kit | 7.2 | High | 2025-10-15 |
| CVE-2025-10041 | Flex QR Code Generator <= 1.2.5 - Unauthenticated Arbitrary File Upload — Flex QR Code Generator | 9.8 | Critical | 2025-10-15 |
| CVE-2025-10754 | DocoDoco Store Locator <= 1.0.1 - Authenticated (Editor+) Arbitrary File Upload — DocoDoco Store Locator | 7.2 | High | 2025-10-15 |
| CVE-2023-7305 | SmartBI RMIServlet Unrestricted File Upload RCE — SmartBI | 10.0 (AI) | Critical (AI) | 2025-10-15 |
| CVE-2025-61678 | FreePBX Endpoint Manager vulnerable to authenticated arbitrary file upload via fwbrand parameter — endpointman | 8.8 (AI) | High (AI) | 2025-10-14 |
| CVE-2025-42910 | Unrestricted File Upload Vulnerability in SAP Supplier Relationship Management — SAP Supplier Relationship Management | 9.0 | Critical | 2025-10-14 |
| CVE-2025-11675 | Ragic\|Enterprise Cloud Database - Arbitrary File Upload — Enterprise Cloud Database | 7.2 | High | 2025-10-13 |
| CVE-2025-11660 | ProjectsAndPrograms School Management System uploadSllyabus.php unrestricted upload — School Management System | 7.3 | High | 2025-10-13 |
| CVE-2025-11659 | ProjectsAndPrograms School Management System uploadNotes.php unrestricted upload — School Management System | 7.3 | High | 2025-10-13 |
| CVE-2025-11658 | ProjectsAndPrograms School Management System changeSllyabus.php unrestricted upload — School Management System | 7.3 | High | 2025-10-13 |
| CVE-2025-11657 | ProjectsAndPrograms School Management System createNotice.php unrestricted upload — School Management System | 7.3 | High | 2025-10-13 |
| CVE-2025-11656 | ProjectsAndPrograms School Management System editNotes.php unrestricted upload — School Management System | 7.3 | High | 2025-10-13 |
| CVE-2025-11655 | Total.js Flow SVG File unrestricted upload — Flow | 4.7 | Medium | 2025-10-13 |
| CVE-2025-6553 | Ovatheme Events Manager <= 1.8.5 - Unauthenticated Arbitrary File Upload — Ovatheme Events Manager | 9.8 | Critical | 2025-10-11 |
| CVE-2025-11508 | code-projects Voting System voters_add.php unrestricted upload — Voting System | 4.7 | Medium | 2025-10-08 |
| CVE-2025-11470 | SourceCodester Hotel and Lodge Management System manage_website.php unrestricted upload — Hotel and Lodge Management System | 4.7 | Medium | 2025-10-08 |
| CVE-2025-11436 | JhumanJ OpnForm answer unrestricted upload — OpnForm | 6.3 | Medium | 2025-10-08 |
| CVE-2025-11426 | projectworlds Advanced Library Management System edit_book.php unrestricted upload — Advanced Library Management System | 6.3 | Medium | 2025-10-08 |
| CVE-2025-11417 | Campcodes Advanced Online Voting Management System voters_add.php unrestricted upload — Advanced Online Voting Management System | 6.3 | Medium | 2025-10-07 |
| CVE-2025-11398 | SourceCodester Hotel and Lodge Management System Profile profile.php unrestricted upload — Hotel and Lodge Management System | 6.3 | Medium | 2025-10-07 |
| CVE-2025-11354 | code-projects Online Hotel Reservation System addslideexec.php unrestricted upload — Online Hotel Reservation System | 6.3 | Medium | 2025-10-07 |
| CVE-2025-11353 | code-projects Online Hotel Reservation System addgalleryexec.php unrestricted upload — Online Hotel Reservation System | 6.3 | Medium | 2025-10-07 |
| CVE-2025-11352 | code-projects Online Hotel Reservation System addexec.php unrestricted upload — Online Hotel Reservation System | 6.3 | Medium | 2025-10-07 |
| CVE-2025-11351 | code-projects Online Hotel Reservation System editpicexec.php unrestricted upload — Online Hotel Reservation System | 6.3 | Medium | 2025-10-07 |
| CVE-2025-11347 | code-projects Student Crud Operation Add Student Page/Edit Student add.php move_uploaded_file unrestricted upload — Student Crud Operation | 7.3 | High | 2025-10-07 |
| CVE-2025-61687 | FlowiseAI/Flosise has File Upload vulnerability — Flowise | 8.3 | High | 2025-10-06 |
| CVE-2025-11320 | zhuimengshaonian wisdom-education UploadController.java uploadFile unrestricted upload — wisdom-education | 6.3 | Medium | 2025-10-06 |
| CVE-2025-11318 | Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 uploadWxFile.do unrestricted upload — Data Leakage Prevention System 天锐数据泄露防护系统 | 7.3 | High | 2025-10-06 |
| CVE-2025-9212 | WP Dispatcher <= 1.2.0 - Authenticated (Subscriber+) Arbitrary File Upload — WP Dispatcher | 7.5 | High | 2025-10-03 |
| CVE-2025-9561 | AP Background 3.8.1 - 3.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload via advParallaxBackAdminSaveSlider Function — AP Background | 8.8 | High | 2025-10-03 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.