CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-2006 | Inline Image Upload for BBPress <= 1.1.19 - Authenticated (Subscriber+) Arbitrary File Upload — Inline Image Upload for BBPress | 8.8 | High | 2025-03-29 |
| CVE-2025-2819 | Unrestricted Fileupload — GT-SoftControl | 6.6 | Medium | 2025-03-26 |
| CVE-2025-2706 | Digiwin ERP UploadAjaxAPI.ashx unrestricted upload — ERP | 6.3 | Medium | 2025-03-24 |
| CVE-2025-2705 | Digiwin ERP FileUploadApi.ashx DoWebUpload unrestricted upload — ERP | 7.3 | High | 2025-03-24 |
| CVE-2025-2702 | Softwin WMX3 ImageAdd.ashx ImageAdd unrestricted upload — WMX3 | 6.3 | Medium | 2025-03-24 |
| CVE-2025-2687 | PHPGurukul eLearning System Image index.php unrestricted upload — eLearning System | 6.3 | Medium | 2025-03-24 |
| CVE-2025-2671 | Yue Lao Blind Box 月老盲盒 Upload.php base64image unrestricted upload — Blind Box 月老盲盒 | 6.3 | Medium | 2025-03-23 |
| CVE-2025-2607 | phplaozhang LzCMS-LaoZhangBoKeXiTong HTTP POST Request upimage.html unrestricted upload — LzCMS-LaoZhangBoKeXiTong | 6.3 | Medium | 2025-03-21 |
| CVE-2025-2606 | SourceCodester Best Church Management Software soulwinning_crud.php unrestricted upload — Best Church Management Software | 6.3 | Medium | 2025-03-21 |
| CVE-2024-8958 | Unrestricted File Write and Read in composiohq/composio — composiohq/composio | 9.8 | - | 2025-03-20 |
| CVE-2024-9920 | Unrestricted File Upload and Execution in parisneo/lollms-webui — parisneo/lollms-webui | 9.8 | - | 2025-03-20 |
| CVE-2024-10901 | Arbitrary File Write via DuckDB SQL Injection in eosphoros-ai/db-gpt — eosphoros-ai/db-gpt | 9.8 | - | 2025-03-20 |
| CVE-2024-8019 | Arbitrary File Write/Overwrite in lightning-ai/pytorch-lightning — lightning-ai/pytorch-lightning | 7.8 | - | 2025-03-20 |
| CVE-2025-2512 | File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated File Upload via upload Function — File Away | 9.8 | Critical | 2025-03-19 |
| CVE-2024-45644 | IBM Security ReaQta file upload — Security ReaQta | 4.7 | Medium | 2025-03-19 |
| CVE-2025-24801 | GLPI allows authenticated remote code execution — glpi | 8.6 | High | 2025-03-18 |
| CVE-2025-2494 | Unrestricted file upload vulnerability in Softdial Contact Center — Softdial Contact Center | 9.8 | - | 2025-03-18 |
| CVE-2025-2396 | e-Excellence U-Office Force - Arbitrary File Upload — U-Office Force | 8.8 | High | 2025-03-17 |
| CVE-2025-2350 | IROAD Dash Cam FX2 upload_file unrestricted upload — Dash Cam FX2 | 6.3 | Medium | 2025-03-16 |
| CVE-2025-2219 | LoveCards LoveCardsV2 image unrestricted upload — LoveCardsV2 | 7.3 | High | 2025-03-12 |
| CVE-2025-2216 | zzskzy Warehouse Refinement Management System SaveCrash.ashx UploadCrash unrestricted upload — Warehouse Refinement Management System | 6.3 | Medium | 2025-03-12 |
| CVE-2025-28915 | WordPress ThemeEgg ToolKit plugin <= 1.2.9 - Arbitrary File Upload vulnerability — ThemeEgg ToolKit | 9.1 | Critical | 2025-03-11 |
| CVE-2025-22213 | [20250301] - Core - Malicious file uploads via Media Manager — Joomla! CMS | 8.8 | - | 2025-03-11 |
| CVE-2025-2115 | zzskzy Warehouse Refinement Management System AcceptZip.ashx ProcessRequest unrestricted upload — Warehouse Refinement Management System | 6.3 | Medium | 2025-03-09 |
| CVE-2024-13359 | Product Input Fields for WooCommerce <= 1.12.0 - Unauthenticated Limited File Upload — Product Input Fields for WooCommerce | 8.1 | High | 2025-03-08 |
| CVE-2024-13882 | Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.3.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Upload — Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit | 8.8 | High | 2025-03-08 |
| CVE-2024-13908 | SMTP by BestWebSoft <= 1.1.9 - Authenticated (Administrator+) Arbitrary File Upload — SMTP by BestWebSoft | 7.2 | High | 2025-03-08 |
| CVE-2025-2035 | s-a-zhd Ecommerce-Website-using-PHP customer_register.php unrestricted upload — Ecommerce-Website-using-PHP | 6.3 | Medium | 2025-03-06 |
| CVE-2025-2031 | ChestnutCMS upload uploadFile unrestricted upload — ChestnutCMS | 6.3 | Medium | 2025-03-06 |
| CVE-2025-27411 | REDAXO allows Arbitrary File Upload in the mediapool page — redaxo | 5.4 | Medium | 2025-03-05 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.