CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-47259 | AXIS OS code issue vulnerability — AXIS OS | 3.5 | Low | 2025-03-04 |
| CVE-2025-1890 | shishuocms ManageUpLoadAction.java handleRequest unrestricted upload — shishuocms | 6.3 | Medium | 2025-03-03 |
| CVE-2025-1835 | osuuu LightPicture Api.php upload unrestricted upload — LightPicture | 6.3 | Medium | 2025-03-02 |
| CVE-2025-1834 | zj1983 zz resolve unrestricted upload — zz | 6.3 | Medium | 2025-03-02 |
| CVE-2025-1818 | zj1983 zz ZfileAction.upload unrestricted upload — zz | 6.3 | Medium | 2025-03-02 |
| CVE-2025-1791 | Zorlan SkyCaiji Tool.php fileAction unrestricted upload — SkyCaiji | 6.3 | Medium | 2025-03-01 |
| CVE-2024-8425 | WooCommerce Ultimate Gift Card <= 2.9.2 - Unauthenticated Arbitrary File Upload — WooCommerce Ultimate Gift Card | 9.8 | Critical | 2025-02-28 |
| CVE-2025-0731 | SMA: Sunny Portal Remote Code Execution — www.sunnyportal.com | 6.5 | Medium | 2025-02-26 |
| CVE-2025-1128 | Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | 9.8 | Critical | 2025-02-25 |
| CVE-2025-1646 | Lumsoft ERP ASPX File UploadAjaxAPI.ashx unrestricted upload — ERP | 7.3 | High | 2025-02-25 |
| CVE-2025-1598 | SourceCodester Best Church Management Software asset_crud.php unrestricted upload — Best Church Management Software | 6.3 | Medium | 2025-02-23 |
| CVE-2025-1593 | SourceCodester Best Employee Management System Profile Picture unrestricted upload — Best Employee Management System | 4.7 | Medium | 2025-02-23 |
| CVE-2025-1590 | SourceCodester E-Learning System List of Lessons Page index.php unrestricted upload — E-Learning System | 4.7 | Medium | 2025-02-23 |
| CVE-2025-26776 | WordPress Chaty Pro Plugin <= 3.3.3 - Arbitrary File Upload vulnerability — Chaty Pro | 10.0 | Critical | 2025-02-22 |
| CVE-2024-13869 | Migration, Backup, Staging – WPvivid <= 0.9.112 - Authenticated (Admin+) Arbitrary File Upload via wpvivid_upload_file — WPvivid — Backup, Migration & Staging | 7.2 | High | 2025-02-22 |
| CVE-2025-1555 | hzmanyun Education and Training System saveImage unrestricted upload — Education and Training System | 7.3 | High | 2025-02-21 |
| CVE-2025-22654 | WordPress Simplified Plugin Plugin <= 1.0.6 - Arbitrary File Upload vulnerability — Simplified | 10.0 | Critical | 2025-02-18 |
| CVE-2025-1388 | Learning Digital Orca HCM - Arbitrary File Upload — Orca HCM | 8.8 | High | 2025-02-17 |
| CVE-2025-1355 | needyamin Library Card System Add Picture signup.php unrestricted upload — Library Card System | 7.3 | High | 2025-02-16 |
| CVE-2025-1070 | Schneider Electric ASCO 5310 and ASCO 5350 code issue vulnerability — ASCO 5310 Single-Channel Remote Annunciator | 8.1 | High | 2025-02-13 |
| CVE-2025-26350 | Q-Free MAXTIME Suite code issue vulnerability — MaxTime | 4.9 | Medium | 2025-02-12 |
| CVE-2024-10960 | Brizy – Page Builder <= 2.6.4 - Authenticated (Contributor+) Arbitrary File Upload via storeUploads — Brizy – Page Builder | 9.9 | Critical | 2025-02-12 |
| CVE-2024-13365 | Security & Malware scan by CleanTalk <= 2.149 - Unauthenticated Arbitrary File Upload — Login Security, FireWall, Malware removal by CleanTalk | 9.8 | Critical | 2025-02-12 |
| CVE-2024-13714 | All-Images.ai – IA Image Bank and Custom Image creation <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload — All-Images.ai – IA Image Bank and Custom Image creation | 8.8 | High | 2025-02-12 |
| CVE-2025-26411 | Authenticated Arbitrary Python File Upload via Plugin Manager — Wattsense Bridge | 8.8 | - | 2025-02-11 |
| CVE-2025-1166 | SourceCodester Food Menu Manager update.php unrestricted upload — Food Menu Manager | 6.3 | Medium | 2025-02-11 |
| CVE-2025-1165 | Lumsoft ERP FileUploadApi.ashx DoWebUpload unrestricted upload — ERP | 7.3 | High | 2025-02-11 |
| CVE-2024-13011 | WP Foodbakery <= 4.7 - Unauthenticated Arbitrary File Upload — WP Foodbakery | 9.8 | Critical | 2025-02-10 |
| CVE-2025-1025 | Cockpit security vulnerability — cockpit-hq/cockpit | 7.5 | High | 2025-02-05 |
| CVE-2025-1028 | Contact Manager <= 8.6.4 - Unauthenticated Arbitrary Double File Extension Upload — Contact Manager | 8.1 | High | 2025-02-05 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) account for 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.