CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2016

2016 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-7063 | Remote Code Execution via Unrestricted File Upload in PAD CMS — PAD CMS | 9.8 (AI) | Critical (AI) | 2025-09-30 |
| CVE-2025-10000 | Qyrr – simply and modern QR-Code creation <= 2.0.7 - Authenticated (Contributor+) Arbitrary File Upload — Qyrr – simply and modern QR-Code creation | 6.4 | Medium | 2025-09-30 |
| CVE-2025-35032 | Medical Informatics Engineering Enterprise Health arbitrary file upload — Enterprise Health | 3.4 | Low | 2025-09-29 |
| CVE-2025-11136 | YiFang CMS Backend File.php webUploader unrestricted upload — CMS | 4.7 | Medium | 2025-09-29 |
| CVE-2025-11103 | Projectworlds Online Tours and Travels change-image.php unrestricted upload — Online Tours and Travels | 4.7 | Medium | 2025-09-28 |
| CVE-2025-11078 | itsourcecode Open Source Job Portal controller.php unrestricted upload — Open Source Job Portal | 6.3 | Medium | 2025-09-27 |
| CVE-2025-10544 | Unrestricted uploading of dangerous file types to AvePoint products — DocAve | 6.5 | - | 2025-09-26 |
| CVE-2025-60219 | WordPress WooCommerce Designer Pro Plugin <= 1.9.24 - Arbitrary File Upload Vulnerability — WooCommerce Designer Pro | 10.0 | Critical | 2025-09-26 |
| CVE-2025-1862 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via BPEL Uploader SOAP Service Leading to Remote Code Execution — WSO2 Enterprise Integrator | 6.7 | Medium | 2025-09-26 |
| CVE-2025-10747 | WP-DownloadManager <= 1.68.11 - Authenticated (Admin+) Arbitrary File Upload — WP-DownloadManager | 7.2 | High | 2025-09-26 |
| CVE-2025-9846 | Unrestricted File Upload in TaletSys Inka.Net — Inka.Net | 10.0 | Critical | 2025-09-23 |
| CVE-2025-10412 | Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.55 - Unauthenticated Arbitrary File Upload via 'uni_cpo_upload_file' — Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) | 9.8 | Critical | 2025-09-23 |
| CVE-2025-10147 | Podlove Podcast Publisher <= 4.2.6 - Unauthenticated Arbitrary File Upload — Podlove Podcast Publisher | 9.8 | Critical | 2025-09-23 |
| CVE-2025-10009 | Authenticated admin RCE in Invoice Ninja — Invoice Ninja 5 | 7.2 (AI) | High (AI) | 2025-09-22 |
| CVE-2025-10763 | academico-sis academico Profile Picture edit-photo unrestricted upload — academico | 6.3 | Medium | 2025-09-21 |
| CVE-2025-10755 | Selleo Mentingo Content-Type unrestricted upload — Mentingo | 6.3 | Medium | 2025-09-20 |
| CVE-2025-10741 | Selleo Mentingo Profile Picture unrestricted upload — Mentingo | 6.3 | Medium | 2025-09-20 |
| CVE-2025-34195 | Vasion Print (formerly PrinterLogic) Unquoted Path During Driver Installation Leads to Execution of C:\Program.exe — Print Virtual Appliance Host | 8.8 | - | 2025-09-19 |
| CVE-2025-10647 | Embed PDF for WPForms <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Upload — Embed PDF for WPForms | 8.8 | High | 2025-09-19 |
| CVE-2025-10669 | Airsonic-Advanced Playlist Upload unrestricted upload — Airsonic-Advanced | 6.3 | Medium | 2025-09-18 |
| CVE-2025-40678 | Unrestricted upload vulnerability for dangerous file types on Summar Software´s Portal del Empleado — Portal del Empleado | 9.8 (AI) | Critical (AI) | 2025-09-18 |
| CVE-2025-10616 | itsourcecode E-Commerce Website users.php unrestricted upload — E-Commerce Website | 6.3 | Medium | 2025-09-17 |
| CVE-2025-10615 | itsourcecode E-Commerce Website products.php unrestricted upload — E-Commerce Website | 6.3 | Medium | 2025-09-17 |
| CVE-2025-10600 | SourceCodester Online Exam Form Submission register.php unrestricted upload — Online Exam Form Submission | 7.3 | High | 2025-09-17 |
| CVE-2025-9216 | StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload — StoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & More | 8.8 | High | 2025-09-17 |
| CVE-2009-20006 | osCommerce <= 2.2 Admin File Manager Arbitrary PHP Code Execution — osCommerce | 9.8 (AI) | Critical (AI) | 2025-09-16 |
| CVE-2025-10480 | SourceCodester Online Student File Management System save_file.php unrestricted upload — Online Student File Management System | 6.3 | Medium | 2025-09-15 |
| CVE-2025-10447 | Campcodes Online Job Finder System applicationform.php unrestricted upload — Online Job Finder System | 7.3 | High | 2025-09-15 |
| CVE-2025-10428 | SourceCodester Pet Grooming Management Software Setting seo_setting.php unrestricted upload — Pet Grooming Management Software | 6.3 | Medium | 2025-09-15 |
| CVE-2025-10427 | SourceCodester Pet Grooming Management Software user.php unrestricted upload — Pet Grooming Management Software | 6.3 | Medium | 2025-09-15 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) account for 2016 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.