CWE-434 (危险类型文件的不加限制上传) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-7847	AI Engine 2.9.3 - 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload — AI Engine	8.8	High	2025-07-31
CVE-2025-8344	openviglet shio ShStaticFileAPI.java shStaticFileUpload unrestricted upload — shio	6.3	Medium	2025-07-31
CVE-2025-8323	Ventem｜e-School - Arbitrary File Upload — e-School	8.8	High	2025-07-30
CVE-2025-8265	299Ko CMS File Management view unrestricted upload — CMS	4.7	Medium	2025-07-28
CVE-2025-8256	code-projects Online Ordering System product.php unrestricted upload — Online Ordering System	6.3	Medium	2025-07-28
CVE-2025-8255	code-projects Exam Form Submission register.php unrestricted upload — Exam Form Submission	7.3	High	2025-07-28
CVE-2025-8174	code-projects Voting System candidates_add.php unrestricted upload — Voting System	6.3	Medium	2025-07-26
CVE-2025-8171	code-projects Document Management System insert.php unrestricted upload — Document Management System	6.3	Medium	2025-07-25
CVE-2025-52449	Salesforce Tableau 安全漏洞 — Tableau Server	9.8	-	2025-07-25
CVE-2016-15046	Hanwha Techwin SSM 1.32 & 1.4 ActiveMQ File Upload RCE — Smart Security Manager (SSM)	9.8	-	2025-07-25
CVE-2014-125116	HybridAuth 2.0.9 - 2.2.2 Unauthenticated RCE via install.php Configuration Injection — HybridAuth	9.8	-	2025-07-25
CVE-2013-10032	GetSimple CMS 3.2.1 Authenticated RCE via Arbitrary PHP File Upload — GetSimple CMS	8.8	-	2025-07-25
CVE-2025-5831	Droip < 2.5.2 - Authenticated (Subscriber+) Arbitrary File Upload — Droip	8.8	High	2025-07-25
CVE-2025-8128	zhousg letao product.js unrestricted upload — letao	6.3	Medium	2025-07-25
CVE-2015-10144	Responsive Thumbnail Slider < 1.0.1 - Authenticated (Subscriber+) Arbitrary File Upload — Thumbnail carousel slider	8.8	High	2025-07-25
CVE-2025-5243	Arbitrary File Upload in SMG Software's Information Portal — Information Portal	10.0	Critical	2025-07-24
CVE-2025-7437	Ebook Store <= 5.8012 - Unauthenticated Arbitrary File Upload — Ebook Store	9.8	Critical	2025-07-24
CVE-2025-7852	WPBookit <= 1.0.6 - Unauthenticated Arbitrary File Upload via image_upload_handle Function — WPBookit	9.8	Critical	2025-07-24
CVE-2018-25114	osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution — Online Merchant	9.8	-	2025-07-23
CVE-2025-40599	SonicWALL SMA 代码问题漏洞 — SMA 100 Series	7.2	-	2025-07-23
CVE-2025-54439	SAMSUNG MagicINFO 9 Server 安全漏洞 — MagicINFO 9 Server	8.8	High	2025-07-23
CVE-2025-54444	SAMSUNG MagicINFO 9 Server 安全漏洞 — MagicINFO 9 Server	9.8	Critical	2025-07-23
CVE-2025-54442	SAMSUNG MagicINFO 9 Server 安全漏洞 — MagicINFO 9 Server	9.8	Critical	2025-07-23
CVE-2025-54441	SAMSUNG MagicINFO 9 Server 安全漏洞 — MagicINFO 9 Server	8.8	High	2025-07-23
CVE-2025-54440	SAMSUNG MagicINFO 9 Server 安全漏洞 — MagicINFO 9 Server	9.8	Critical	2025-07-23
CVE-2025-54447	SAMSUNG MagicINFO 9 Server 安全漏洞 — MagicINFO 9 Server	8.1	High	2025-07-23
CVE-2025-54448	SAMSUNG MagicINFO 9 Server 安全漏洞 — MagicINFO 9 Server	9.8	Critical	2025-07-23
CVE-2025-54449	SAMSUNG MagicINFO 9 Server 安全漏洞 — MagicINFO 9 Server	9.8	Critical	2025-07-23
CVE-2015-10137	Website Contact Form With File Upload <= 1.3.4 - Arbitrary File Upload — Website Contact Form With File Upload	9.8	Critical	2025-07-22
CVE-2012-10020	FoxyPress <= 0.4.2.1 - Arbitrary File Upload — FoxyPress	9.8	Critical	2025-07-22

Vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-434 (危险类型文件的不加限制上传) — Vulnerability Class 2018