CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-5131 | Tmall Demo uploadCategoryImage unrestricted upload — Demo | 4.7 | Medium | 2025-05-24 |
| CVE-2025-5130 | Tmall Demo uploadProductImage unrestricted upload — Demo | 4.7 | Medium | 2025-05-24 |
| CVE-2025-5058 | eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_image() — eMagicOne Store Manager for WooCommerce | 9.8 | Critical | 2025-05-24 |
| CVE-2025-4336 | eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_file() — eMagicOne Store Manager for WooCommerce | 8.1 | High | 2025-05-24 |
| CVE-2025-31916 | WordPress JP Students Result Management System Premium plugin 1.1.7 - Arbitrary File Upload vulnerability — JP Students Result Management System Premium | 9.0 | Critical | 2025-05-23 |
| CVE-2025-46490 | WordPress Crossword Compiler Puzzles plugin <= 5.2 - Arbitrary File Upload Vulnerability — Crossword Compiler Puzzles | 9.9 | Critical | 2025-05-23 |
| CVE-2025-47637 | WordPress STAGGS plugin <= 2.11.0 - Arbitrary File Upload Vulnerability — STAGGS | 10.0 | Critical | 2025-05-23 |
| CVE-2025-47642 | WordPress Ajar in5 Embed plugin <= 3.1.5 - Arbitrary File Upload Vulnerability — Ajar in5 Embed | 10.0 | Critical | 2025-05-23 |
| CVE-2025-47641 | WordPress Printcart Web to Print Product Designer for WooCommerce plugin <= 2.3.9 - Arbitrary File Upload Vulnerability — Printcart Web to Print Product Designer for WooCommerce | 10.0 | Critical | 2025-05-23 |
| CVE-2025-47658 | WordPress ELEX HelpDesk & Customer Ticketing System plugin <= 3.2.9 - Arbitrary File Upload vulnerability — ELEX WordPress HelpDesk & Customer Ticketing System | 9.9 | Critical | 2025-05-23 |
| CVE-2025-47663 | WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability — Hospital Management System | 9.9 | Critical | 2025-05-23 |
| CVE-2025-47687 | WordPress StoreKeeper for WooCommerce plugin <= 14.4.4 - Arbitrary File Upload Vulnerability — StoreKeeper for WooCommerce | 10.0 | Critical | 2025-05-23 |
| CVE-2025-5108 | zongzhige ShopXO ZIP File Payment.php Upload unrestricted upload — ShopXO | 6.3 | Medium | 2025-05-23 |
| CVE-2025-30169 | Admin Authorized File Upload and Execute PHP — ASPECT-Enterprise | 6.7 | Medium | 2025-05-22 |
| CVE-2025-30173 | Admin Authorized File Upload — ASPECT-Enterprise | 6.7 | Medium | 2025-05-22 |
| CVE-2025-3444 | Local File Inclusion — ServiceDesk Plus MSP | 6.5 | Medium | 2025-05-22 |
| CVE-2024-9544 | MapSVG - All Kinds of Maps and Store Locator for WordPress <= 8.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — MapSVG | 6.4 | Medium | 2025-05-22 |
| CVE-2025-5059 | Campcodes Online Shopping Portal edit-subcategory.php unrestricted upload — Online Shopping Portal | 4.7 | Medium | 2025-05-21 |
| CVE-2025-39380 | WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability — Hospital Management System | 10.0 | Critical | 2025-05-19 |
| CVE-2025-39401 | WordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerability — WPAMS | 10.0 | Critical | 2025-05-19 |
| CVE-2025-39402 | WordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerability — WPAMS | 9.9 | Critical | 2025-05-19 |
| CVE-2025-47577 | WordPress TI WooCommerce Wishlist plugin <= 2.9.2 - Arbitrary File Upload Vulnerability — TI WooCommerce Wishlist | 10.0 | Critical | 2025-05-19 |
| CVE-2025-26892 | WordPress Celestial Aura plugin <= 2.2 - Arbitrary File Upload vulnerability — Celestial Aura | 9.9 | Critical | 2025-05-19 |
| CVE-2025-26872 | WordPress Eximius theme <= 2.2 - Arbitrary File Upload vulnerability — Eximius | 9.9 | Critical | 2025-05-19 |
| CVE-2025-4926 | PHPGurukul Car Rental Project post-avehical.php unrestricted upload — Car Rental Project | 4.7 | Medium | 2025-05-19 |
| CVE-2025-4923 | SourceCodester Client Database Management System user_delivery_update.php unrestricted upload — Client Database Management System | 7.3 | High | 2025-05-19 |
| CVE-2025-4391 | Echo RSS Feed Post Generator <= 5.4.8.1 - Unauthenticated Arbitrary File Upload — Echo RSS Feed Post Generator | 9.8 | Critical | 2025-05-17 |
| CVE-2025-4389 | Crawlomatic Multipage Scraper Post Generator <= 2.6.8.1 - Unauthenticated Arbitrary File Upload — Crawlomatic Multipage Scraper Post Generator | 9.8 | Critical | 2025-05-17 |
| CVE-2025-4768 | feng_ha_ha/megagao ssm-erp/production_ssm PictureServiceImpl.java uploadPicture unrestricted upload — ssm-erp | 6.3 | Medium | 2025-05-16 |
| CVE-2025-4735 | Campcodes Sales and Inventory System product.php unrestricted upload — Sales and Inventory System | 6.3 | Medium | 2025-05-16 |

There are 2018 CVEs classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.