CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-7939 | jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java addGoods unrestricted upload — JPACookieShop 蛋糕商城JPA版 | 6.3 | Medium | 2025-07-21 |
| CVE-2025-54071 | RomM's authenticated arbitrary file write vulnerability can lead to Remote Code Execution — romm | 8.8 | - | 2025-07-21 |
| CVE-2025-7931 | code-projects Church Donation System admin_pic.php unrestricted upload — Church Donation System | 7.3 | High | 2025-07-21 |
| CVE-2025-32744 | Dell AppSync code issue vulnerability — AppSync | 6.6 | Medium | 2025-07-21 |
| CVE-2025-54082 | nova-tiptap has an Unauthenticated Arbitrary File Upload Vulnerability — nova-tiptap | 8.6 | - | 2025-07-21 |
| CVE-2025-7917 | Simopro Technology\|WinMatrix3 Web package - Arbitrary File Upload — WinMatrix3 Web package | 7.2 | High | 2025-07-21 |
| CVE-2025-7906 | yangzongzhuan RuoYi CommonController.java uploadFile unrestricted upload — RuoYi | 6.3 | Medium | 2025-07-20 |
| CVE-2025-7898 | Codecanyon iDentSoft Account Setting Page updateSetting unrestricted upload — iDentSoft | 4.7 | Medium | 2025-07-20 |
| CVE-2025-46384 | Emby Windows code issue vulnerability — Windows | 8.8 | High | 2025-07-20 |
| CVE-2025-7895 | harry0703 MoneyPrinterTurbo File Extension video.py upload_bgm_file unrestricted upload — MoneyPrinterTurbo | 6.3 | Medium | 2025-07-20 |
| CVE-2025-7880 | Metasoft 美特软件 MetaCRM sendsms.jsp unrestricted upload — MetaCRM | 6.3 | Medium | 2025-07-20 |
| CVE-2025-7879 | Metasoft 美特软件 MetaCRM mobileupload.jsp unrestricted upload — MetaCRM | 6.3 | Medium | 2025-07-20 |
| CVE-2025-7878 | Metasoft 美特软件 MetaCRM upload2.jsp unrestricted upload — MetaCRM | 6.3 | Medium | 2025-07-20 |
| CVE-2025-7877 | Metasoft 美特软件 MetaCRM sendfile.jsp unrestricted upload — MetaCRM | 6.3 | Medium | 2025-07-20 |
| CVE-2025-7864 | thinkgem JeeSite FileUploadController.java upload unrestricted upload — JeeSite | 6.3 | Medium | 2025-07-20 |
| CVE-2015-10138 | Work The Flow File Upload <= 2.5.2 - Arbitrary File Upload — Work The Flow File Upload | 9.8 | Critical | 2025-07-19 |
| CVE-2012-10019 | Front-end Editor < 2.3 - Arbitrary File Upload — Front-end Editor | 9.8 | Critical | 2025-07-19 |
| CVE-2015-10135 | WPshop 2 – E-Commerce < 1.3.9.6 - Arbitrary File Upload — WPshop 2 – E-Commerce | 9.8 | Critical | 2025-07-19 |
| CVE-2016-15043 | WP Mobile Detector <= 3.5 - Arbitrary File Upload — WP Mobile Detector | 9.8 | Critical | 2025-07-19 |
| CVE-2025-7438 | MasterStudy LMS – Online Courses, eLearning PRO Plus <= 4.7.9 - Authenticated (Subscriber+) Arbitrary File Upload — MasterStudy LMS Pro | 7.5 | High | 2025-07-18 |
| CVE-2025-6222 | WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet <= 3.2.6 - Unauthenticated Arbitrary File Upload — WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet | 9.8 | Critical | 2025-07-18 |
| CVE-2025-7755 | code-projects Online Ordering System edit_product.php unrestricted upload — Online Ordering System | 6.3 | Medium | 2025-07-17 |
| CVE-2025-34121 | Idera Up.Time ≤ 7.2 post2file.php Arbitrary File Upload RCE — Up.Time Monitoring Station | 9.8 (AI) | Critical (AI) | 2025-07-16 |
| CVE-2025-20274 | Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability — Cisco Unified Contact Center Express | 6.3 | Medium | 2025-07-16 |
| CVE-2025-29009 | WordPress Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3 - Arbitrary File Upload Vulnerability — Medical Prescription Attachment Plugin for WooCommerce | 10.0 | Critical | 2025-07-16 |
| CVE-2025-48300 | WordPress Groundhogg plugin <= 4.2.1 - Arbitrary File Upload vulnerability — Groundhogg | 9.1 | Critical | 2025-07-16 |
| CVE-2025-34111 | Tiki Wiki <= 15.1 ELFinder Unauthenticated File Upload RCE — Wiki CMS Groupware | 9.8 (AI) | Critical (AI) | 2025-07-15 |
| CVE-2025-34104 | Piwik Authenticated RCE via Custom Plugin Upload — Web Analytics Platform | 7.2 (AI) | High (AI) | 2025-07-15 |
| CVE-2025-7340 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Upload — HT Contact Form – Drag & Drop Form Builder for WordPress | 9.8 | Critical | 2025-07-15 |
| CVE-2025-53891 | TIME LINE has Improper File Validation in Upload Section — Time-Line- | 4.3 | Medium | 2025-07-15 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.