CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-47787 | Emlog Pro Contains a File Upload Vulnerability — emlog | 7.2 AI | High AI | 2025-05-15 |
| CVE-2025-3917 | 百度站长SEO合集(支持百度/神马/Bing/头条推送) <= 2.0.6 - Unauthenticated Arbitrary File Upload — SEO合集(支持百度/Google/Bing/头条推送) | 9.8 | Critical | 2025-05-15 |
| CVE-2025-4648 | A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request. — web | 8.4 | High | 2025-05-13 |
| CVE-2025-4317 | TheGem <= 5.10.3 - Authenticated (Subscriber+) Arbitrary File Upload — TheGem | 8.8 | High | 2025-05-13 |
| CVE-2025-4561 | Kinfor KFOX - Arbitrary File Upload — KFOX | 8.8 | High | 2025-05-12 |
| CVE-2025-4556 | ZONG YU Okcat Parking Management Platform - Arbitrary File Upload — Okcat Parking Management Platform | 9.8 | Critical | 2025-05-12 |
| CVE-2025-4538 | kkFileView fileUpload unrestricted upload — kkFileView | 6.3 | Medium | 2025-05-11 |
| CVE-2025-4403 | Drag and Drop Multiple File Upload for WooCommerce <= 1.1.6 - Unauthenticated Arbitrary File Upload via upload Function — Drag and Drop Multiple File Upload for WooCommerce | 9.8 | Critical | 2025-05-09 |
| CVE-2024-11617 | Envolve Plugin <= 1.0 - Unauthenticated Arbitrary File Upload via language_file and fonts_file — Envolve Plugin | 9.8 | Critical | 2025-05-09 |
| CVE-2025-3455 | 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload — 1 Click Migration & Backup: Free WordPress Migration Plugin with Zero Downtime & Easy Clone | 8.8 | High | 2025-05-09 |
| CVE-2025-4468 | SourceCodester Online Student Clearance System edit-photo.php unrestricted upload — Online Student Clearance System | 7.3 | High | 2025-05-09 |
| CVE-2025-47550 | WordPress Instantio plugin <= 3.3.16 - Arbitrary File Upload Vulnerability — Instantio | 6.6 | Medium | 2025-05-07 |
| CVE-2025-47549 | WordPress BEAF plugin <= 4.6.10 - Arbitrary File Upload Vulnerability — BEAF | 9.1 | Critical | 2025-05-07 |
| CVE-2025-0984 | Arbitrary File Upload in Netoloji Software's E-Flow — E-Flow | 8.2 | High | 2025-05-06 |
| CVE-2025-40625 | Multiple vulnerabilities in TCMAN's GIM — GIM | 9.8 AI | Critical AI | 2025-05-06 |
| CVE-2025-4333 | feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java uploadFile unrestricted upload — ssm-erp | 6.3 | Medium | 2025-05-06 |
| CVE-2025-4310 | itsourcecode Content Management System add_topic.php unrestricted upload — Content Management System | 4.7 | Medium | 2025-05-06 |
| CVE-2025-4305 | kefaming mayi File.php upload unrestricted upload — mayi | 6.3 | Medium | 2025-05-06 |
| CVE-2025-4291 | IdeaCMS saveUpload unrestricted upload — IdeaCMS | 6.3 | Medium | 2025-05-05 |
| CVE-2025-4279 | External image replace <= 1.0.8 - Authenticated (Contributor+) Arbitrary File Upload — External image replace | 8.8 | High | 2025-05-05 |
| CVE-2024-51991 | October CMS Allows Unprotected SVG Rename in Media Manager — october | 4.8 AI | Medium AI | 2025-05-05 |
| CVE-2025-4259 | newbee-mall UploadController.java upload unrestricted upload — newbee-mall | 6.3 | Medium | 2025-05-05 |
| CVE-2025-4258 | zhangyanbo2007 youkefu MediaController.java upload unrestricted upload — youkefu | 6.3 | Medium | 2025-05-05 |
| CVE-2024-13418 | Smart Framework <= Multiple Plugins - Authenticated (Subscriber+) Arbitrary File Upload — Benaa Framework | 8.8 | High | 2025-05-02 |
| CVE-2024-11390 | Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS — Kibana | 5.4 | Medium | 2025-05-01 |
| CVE-2025-25016 | Kibana Unrestricted Upload of File — Kibana | 4.3 | Medium | 2025-05-01 |
| CVE-2022-42449 | HCL Domino Volt is affected by an unrestricted upload of a dangerous file type — HCL Domino Volt | 4.6 | Medium | 2025-04-30 |
| CVE-2022-27562 | HCL Domino Volt is affected by an unrestricted upload of a dangerous file type — HCL Domino Volt | 4.6 | Medium | 2025-04-30 |
| CVE-2025-0520 | ShowDoc < 2.8.7 Unauthenticated File Upload Remote Code Execution — ShowDoc | 9.8 AI | Critical AI | 2025-04-29 |
| CVE-2025-4006 | youyiio BeyongCms Document Management Page Upload.html unrestricted upload — BeyongCms | 4.7 | Medium | 2025-04-28 |

2018 CVEs are classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.