CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-13723 | Checkmk NagVis Remote Code Execution — NagVis | 7.2 | - | 2025-02-04 |
| CVE-2024-57968 | Advantive VeraCore security vulnerability — VeraCore | 9.9 | Critical | 2025-02-03 |
| CVE-2025-23213 | Tandoor Recipes - Stored XSS through Unrestricted File Upload — recipes | 8.7 | High | 2025-01-28 |
| CVE-2024-13448 | ThemeREX Addons <= 2.32.3 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data — ThemeREX Addons | 9.8 | Critical | 2025-01-28 |
| CVE-2025-0722 | needyamin image_gallery Cover Image gallery.php unrestricted upload — image_gallery | 4.7 | Medium | 2025-01-26 |
| CVE-2025-0357 | WPBookit <= 1.6.9 - Unauthenticated Arbitrary File Upload — WPBookit | 9.8 | Critical | 2025-01-25 |
| CVE-2025-0702 | JoeyBling bootplus SysFileController.java unrestricted upload — bootplus | 6.3 | Medium | 2025-01-24 |
| CVE-2025-24650 | WordPress Tourfic plugin <= 2.15.3 - Arbitrary File Upload vulnerability — Tourfic | 9.1 | Critical | 2025-01-24 |
| CVE-2024-40693 | IBM Planning Analytics file upload — Planning Analytics Local | 8.0 | High | 2025-01-24 |
| CVE-2024-25034 | IBM Planning Analytics file upload — Planning Analytics Local | 8.0 | High | 2025-01-24 |
| CVE-2024-55926 | Arbitrary file upload, deletion and read through header manipulation — Xerox Workplace Suite | 7.6 | High | 2025-01-23 |
| CVE-2025-23953 | WordPress user files plugin <= 2.4.2 - Arbitrary File Upload vulnerability — user files | 10.0 | Critical | 2025-01-22 |
| CVE-2025-23942 | WordPress WP Load Gallery Plugin <= 2.1.6 - Arbitrary File Upload vulnerability — WP Load Gallery | 9.1 | Critical | 2025-01-22 |
| CVE-2025-23921 | WordPress Multi Uploader for Gravity Forms plugin <= 1.1.3 - Arbitrary File Upload vulnerability — Multi Uploader for Gravity Forms | 9.0 | Critical | 2025-01-22 |
| CVE-2025-23918 | WordPress Smallerik File Browser plugin <= 1.1 - Arbitrary File Upload vulnerability — Smallerik File Browser | 9.9 | Critical | 2025-01-22 |
| CVE-2024-13091 | WPBot Pro Wordpress Chatbot <= 13.5.4 - Unauthenticated Arbitrary File Upload — WPBot Pro Wordpress Chatbot | 9.8 | Critical | 2025-01-21 |
| CVE-2025-22723 | WordPress Barcode Scanner and Inventory manager plugin <= 1.6.7 - Arbitrary File Upload vulnerability — Barcode Scanner with Inventory & Order Manager | 9.1 | Critical | 2025-01-21 |
| CVE-2024-51919 | WordPress Fancy Product Designer plugin <= 6.4.3 - Unauthenticated Arbitrary File Upload vulnerability — Fancy Product Designer | 9.0 | Critical | 2025-01-21 |
| CVE-2025-0582 | itsourcecode Farm Management System add-pig.php unrestricted upload — Farm Management System | 4.7 | Medium | 2025-01-20 |
| CVE-2024-13333 | Advanced File Manager 5.2.12 - 5.2.13 - Authenticated (Subscriber+) Arbitrary File Upload — Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin | 7.5 | High | 2025-01-17 |
| CVE-2025-0471 | Unrestricted Upload of File with Dangerous Type vulnerability in PMB platform — PMB platform | 9.9 | Critical | 2025-01-16 |
| CVE-2024-13355 | Admin and Customer Messages After Order for WooCommerce <= 13.2 - Authenticated (Subscriber+) Limited File Upload to Cross-Site Scripting — Admin and Customer Messages After Order for WooCommerce: OrderConvo | 5.4 | Medium | 2025-01-16 |
| CVE-2025-22782 | WordPress WR Price List Manager For Woocommerce plugin <= 1.0.8 - Remote Code Execution (RCE) vulnerability — WR Price List Manager For Woocommerce | 9.9 | Critical | 2025-01-15 |
| CVE-2024-13171 | Ivanti EPM code issue vulnerability — Endpoint Manager | 7.8 | High | 2025-01-14 |
| CVE-2025-0463 | Shanghai Lingdang Information Technology Lingdang CRM index.php unrestricted upload — Lingdang CRM | 6.3 | Medium | 2025-01-14 |
| CVE-2025-0460 | Blog Botz for Journal Theme blog_add unrestricted upload — Blog Botz for Journal Theme | 7.3 | High | 2025-01-14 |
| CVE-2025-0394 | Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function — Groundhogg — CRM, Newsletters, and Marketing Automation | 8.8 | High | 2025-01-14 |
| CVE-2025-0057 | Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application) — SAP NetWeaver AS JAVA (User Admin Application) | 4.8 | Medium | 2025-01-14 |
| CVE-2024-46479 | Venki Supravizio BPM security vulnerability — Supravizio BPM | 9.9 | Critical | 2025-01-13 |
| CVE-2025-0402 | 1902756969 reggie CommonController.java upload unrestricted upload — reggie | 6.3 | Medium | 2025-01-12 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.