Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-434 (危险类型文件的不加限制上传) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-0399 StarSea99 starsea-mall uploadController.java UploadController unrestricted upload — starsea-mall 4.7 Medium2025-01-12
CVE-2024-42180 HCL MyXalytics is affected by a malicious file upload vulnerability — DRYiCE MyXalytics 1.6 Low2025-01-12
CVE-2025-22504 WordPress 4ECPS Web Forms Plugin <= 0.2.18 - Arbitrary File Upload vulnerability — 4ECPS Web Forms 10.0 Critical2025-01-09
CVE-2025-0346 code-projects Content Management System Publish News Page publishnews.php unrestricted upload — Content Management System 4.7 Medium2025-01-09
CVE-2024-43662 Authenticated arbitrary file upload to /tmp/ and /tmp/upload/ — Iocharger firmware for AC models 7.0 -2025-01-09
CVE-2025-0341 CampCodes Computer Laboratory Management System edit unrestricted upload — Computer Laboratory Management System 6.3 Medium2025-01-09
CVE-2025-0335 code-projects Online Bike Rental System Change Image unrestricted upload — Online Bike Rental System 6.3 Medium2025-01-09
CVE-2024-13212 SingMR HouseRent AddHouseController.java upload unrestricted upload — HouseRent 6.3 Medium2025-01-09
CVE-2024-13210 donglight bookstore电商书城系统说明 AdminBookController. java uploadPicture unrestricted upload — bookstore电商书城系统说明 4.7 Medium2025-01-09
CVE-2024-13201 wander-chu SpringBoot-Blog Admin Attachment AttachtController.java upload unrestricted upload — SpringBoot-Blog 4.7 Medium2025-01-09
CVE-2024-13191 ZeroWdd myblog uploadController.java upload unrestricted upload — myblog 6.3 Medium2025-01-08
CVE-2024-12853 Modula Image Gallery <= 2.11.10 - Authenticated (Author+) Arbitrary File Upload — Modula Image Gallery – Photo Grid & Video Gallery 8.8 High2025-01-08
CVE-2024-12854 Garden Gnome Package <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload — Garden Gnome Package 8.8 High2025-01-08
CVE-2025-21624 ClipBucket V5 Playlist Cover File Upload to Remote Code Execution — clipbucket-v5 9.8 Critical2025-01-07
CVE-2024-43243 WordPress JobBoard Job listing plugin <= 1.2.6 - Arbitrary File Upload vulnerability — JobBoard Job listing 10.0 Critical2025-01-07
CVE-2024-13145 zhenfeng13 My-Blog uploadController. java upload unrestricted upload — My-Blog 6.3 Medium2025-01-06
CVE-2024-13144 zhenfeng13 My-Blog BlogController.java uploadFileByEditomd unrestricted upload — My-Blog 6.3 Medium2025-01-06
CVE-2024-13138 wangl1989 mysiteforme LocalUploadServiceImpl upload unrestricted upload — mysiteforme 4.7 Medium2025-01-05
CVE-2024-13134 ZeroWdd studentmanager TeacherController. java editTeacher unrestricted upload — studentmanager 6.3 Medium2025-01-05
CVE-2024-13133 ZeroWdd studentmanager StudentController. java editStudent unrestricted upload — studentmanager 6.3 Medium2025-01-05
CVE-2025-0213 Campcodes Project Management System update_forms.php unrestricted upload — Project Management System 6.3 Medium2025-01-04
CVE-2025-22389 Optimizely EPiServer.CMS.Core 安全漏洞 — n/a 8.3 -2025-01-04
CVE-2024-56264 WordPress ACF City Selector plugin <= 1.14.0 - Arbitrary File Upload vulnerability — ACF City Selector 6.6 Medium2025-01-02
CVE-2024-56249 WordPress WPMasterToolKit plugin <= 1.13.1 - Arbitrary File Upload vulnerability — WPMasterToolKit 9.1 Critical2025-01-02
CVE-2024-56829 Huang Yaoshi Pharmaceutical Management Software 安全漏洞 — n/a 10.0 Critical2025-01-02
CVE-2024-56064 WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Arbitrary File Upload vulnerability — WP SuperBackup 10.0 Critical2024-12-31
CVE-2024-56046 WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary File Upload vulnerability — WPLMS 10.0 Critical2024-12-31
CVE-2024-13022 taisan tarzan-cms Article Management UploadController.java UploadResponse unrestricted upload — tarzan-cms 6.3 Medium2024-12-29
CVE-2024-56508 File Upload Vulnerability Leading to XSS in LinkAce v1.15.5 — LinkAce 7.6 High2024-12-27
CVE-2024-12956 1000 Projects Portfolio Management System MCA add_achievement_details.php unrestricted upload — Portfolio Management System MCA 6.3 Medium2024-12-26

Vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.