CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-55743 | UnoPim vulnerable to remote code execution through Arbitrary File upload — unopim | 8.1 (AI) | High (AI) | 2025-08-21 |
| CVE-2025-53251 | WordPress Pin WP theme < 7.2 - Arbitrary File Upload Vulnerability — Pin WP | 9.9 | Critical | 2025-08-21 |
| CVE-2025-9296 | Emlog Pro blogger.php unrestricted upload — Emlog Pro | 4.7 | Medium | 2025-08-21 |
| CVE-2025-49222 | Mattermost Shared Channel Upload Type Validation Bypass — Mattermost | 6.8 | Medium | 2025-08-21 |
| CVE-2025-43750 | Liferay Portal and Liferay DXP code issue vulnerability — Portal | 7.5 (AI) | High (AI) | 2025-08-20 |
| CVE-2025-49408 | WordPress Premium Age Verification / Restriction for WordPress Plugin <= 3.0.2 - Arbitrary File Upload Vulnerability — Premium Age Verification / Restriction for WordPress | 10.0 | Critical | 2025-08-20 |
| CVE-2025-49410 | WordPress Portfolio Manager Pro Plugin 3.8 - Arbitrary File Upload Vulnerability — Portfolio Manager Pro | 10.0 | Critical | 2025-08-20 |
| CVE-2025-48148 | WordPress StoreKeeper for WooCommerce Plugin <= 14.4.4 - Arbitrary File Upload Vulnerability — StoreKeeper for WooCommerce | 10.0 | Critical | 2025-08-20 |
| CVE-2025-53213 | WordPress ReachShip WooCommerce Multi-Carrier & Conditional Shipping <= 4.3.1 - Arbitrary File Upload Vulnerability — ReachShip WooCommerce Multi-Carrier & Conditional Shipping | 9.9 | Critical | 2025-08-20 |
| CVE-2025-54677 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.5.3 - Arbitrary File Upload Vulnerability — Online Booking & Scheduling Calendar for WordPress by vcita | 9.1 | Critical | 2025-08-20 |
| CVE-2025-9153 | itsourcecode Online Tour and Travel Management System travellers.php unrestricted upload — Online Tour and Travel Management System | 6.3 | Medium | 2025-08-19 |
| CVE-2025-8450 | Unrestricted File Upload in FileCatalyst — FileCatalyst | 8.2 | High | 2025-08-19 |
| CVE-2025-9099 | Acrel Environmental Monitoring Cloud Platform UploadNewsImg unrestricted upload — Environmental Monitoring Cloud Platform | 6.3 | Medium | 2025-08-18 |
| CVE-2025-6079 | School Management System <= 93.2.0 - Authenticated (Student+) Arbitrary File Upload — School Management System for Wordpress | 8.8 | High | 2025-08-16 |
| CVE-2025-7441 | StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload — StoryChief | 9.8 | Critical | 2025-08-16 |
| CVE-2025-54473 | Extension - phoca.cz - Authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla — phoca.cz - Phoca Commander for Joomla | 7.2 (AI) | High (AI) | 2025-08-15 |
| CVE-2025-6679 | Contact Form by Bit Form - Bit Form <= 2.20.3 - Unauthenticated Arbitrary File Upload — Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | 9.8 | Critical | 2025-08-15 |
| CVE-2025-8965 | linlinjava litemall Endpoint AdminStorageController.java create unrestricted upload — litemall | 6.3 | Medium | 2025-08-14 |
| CVE-2025-54693 | WordPress Form Block Plugin <= 1.5.5 - Arbitrary File Upload Vulnerability — Form Block | 9.0 | Critical | 2025-08-14 |
| CVE-2025-24775 | WordPress Forms <= 2.9.0 - Arbitrary File Upload Vulnerability — Forms | 9.9 | Critical | 2025-08-14 |
| CVE-2012-10054 | Umbraco CMS < 4.7.1 codeEditorSave.asmx RCE — CMS | 9.8 (AI) | Critical (AI) | 2025-08-13 |
| CVE-2012-10056 | PHP Volunteer Management System 1.0.2 Arbitrary File Upload — PHP Volunteer Management | 8.8 (AI) | High (AI) | 2025-08-13 |
| CVE-2025-8297 | Ivanti Avalanche code issue vulnerability — Avalanche | 7.2 | High | 2025-08-12 |
| CVE-2025-33023 | Siemens multiple products code issue vulnerability — RUGGEDCOM ROX MX5000 | 4.1 | Medium | 2025-08-12 |
| CVE-2012-10038 | Auxilium RateMyPet Arbitrary File Upload RCE — RateMyPet | 9.8 (AI) | Critical (AI) | 2025-08-11 |
| CVE-2025-8859 | code-projects eBlog Site File Upload save-slider.php unrestricted upload — eBlog Site | 6.3 | Medium | 2025-08-11 |
| CVE-2025-8841 | zlt2000 microservices-platform FileController.java upload unrestricted upload — microservices-platform | 6.3 | Medium | 2025-08-11 |
| CVE-2025-8798 | oitcode samarium Create Product product unrestricted upload — samarium | 7.3 | High | 2025-08-10 |
| CVE-2025-8775 | Qiyuesuo Eelectronic Signature Platform Scheduled Task upload execute unrestricted upload — Eelectronic Signature Platform | 6.3 | Medium | 2025-08-09 |
| CVE-2025-8764 | linlinjava litemall upload unrestricted upload — litemall | 6.3 | Medium | 2025-08-09 |

2018 CVEs are classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.