CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-12954 | 1000 Projects Portfolio Management System MCA update_ach.php unrestricted upload — Portfolio Management System MCA | 6.3 | Medium | 2024-12-26 |
| CVE-2024-12953 | 1000 Projects Portfolio Management System MCA update_pd_process.php unrestricted upload — Portfolio Management System MCA | 6.3 | Medium | 2024-12-26 |
| CVE-2024-12951 | 1000 Projects Portfolio Management System MCA add_personal_details.php unrestricted upload — Portfolio Management System MCA | 6.3 | Medium | 2024-12-26 |
| CVE-2024-10584 | DirectoryPress <= 3.6.16 - Authenticated (Author+) Stored Cross-Site Scripting — DirectoryPress – Business Directory And Classified Ad Listing | 5.4 | Medium | 2024-12-24 |
| CVE-2024-40695 | IBM Cognos Analytics file upload — Cognos Analytics | 8.0 | High | 2024-12-20 |
| CVE-2024-12700 | Tibbo AggreGate Network Manager Unrestricted Upload of File with Dangerous Type — AggreGate Network Manager | 8.8 | High | 2024-12-19 |
| CVE-2024-11984 | SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type — Corporate Training Management System | 8.8 | - | 2024-12-19 |
| CVE-2024-56050 | WordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ Arbitrary File Upload vulnerability — WPLMS | 9.9 | Critical | 2024-12-18 |
| CVE-2024-56052 | WordPress WPLMS plugin < 1.9.9.5.2 - Student+ Arbitrary File Upload vulnerability — WPLMS | 9.9 | Critical | 2024-12-18 |
| CVE-2024-56054 | WordPress WPLMS plugin < 1.9.9.5.2 - Instructor+ Arbitrary File Upload vulnerability — WPLMS | 9.1 | Critical | 2024-12-18 |
| CVE-2024-56057 | WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary File Upload vulnerability — WPLMS | 9.9 | Critical | 2024-12-18 |
| CVE-2024-54285 | WordPress SeedProd Pro plugin <= 6.18.13 - Remote Code Execution (RCE) vulnerability — SeedProd Pro | 9.1 | Critical | 2024-12-16 |
| CVE-2024-54370 | WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.0 - Arbitrary File Upload vulnerability — Video & Photo Gallery for Ultimate Member | 9.9 | Critical | 2024-12-16 |
| CVE-2024-12478 | InvoicePlane 1 upload_file unrestricted upload — InvoicePlane | 6.3 | Medium | 2024-12-16 |
| CVE-2024-9698 | Crafthemes Demo Import <= 3.3 - Authenticated (Admin+) Arbitrary File Upload in process_uploaded_files — Crafthemes Demo Import | 7.2 | High | 2024-12-14 |
| CVE-2024-54262 | WordPress Import Export For WooCommerce plugin <= 1.6.2 - Arbitrary File Upload vulnerability — Import Export For WooCommerce | 9.9 | Critical | 2024-12-13 |
| CVE-2024-9290 | Super Backup & Clone - Migrate for WordPress <= 2.3.3 - Unauthenticated Arbitrary File Upload — Super Backup & Clone - Migrate for WordPress | 9.8 | Critical | 2024-12-13 |
| CVE-2024-12042 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.16.4 - Authenticated (Subscriber+) HTML File Upload (Stored Cross-Site Scripting) — MStore API – Create Native Android & iOS Apps On The Cloud | 5.4 | Medium | 2024-12-13 |
| CVE-2024-10590 | Opt-In Downloads <= 4.07 - Authenticated (Subscriber+) Arbitrary File Upload — Opt-In Downloads | 8.8 | High | 2024-12-12 |
| CVE-2024-47946 | OS Command Execution through Arbitrary File Upload — Scan2Net | 8.8 | - | 2024-12-10 |
| CVE-2024-53822 | WordPress Pie Register Premium plugin < 3.8.3.3 - Arbitrary File Upload vulnerability — Pie Register Premium | 10.0 | Critical | 2024-12-09 |
| CVE-2024-54214 | WordPress Revy plugin <= 1.18 - Unauthenticated Arbitrary File Upload vulnerability — Revy | 10.0 | Critical | 2024-12-06 |
| CVE-2024-53811 | WordPress WDesignKit plugin <= 1.0.40 - Arbitrary File Upload vulnerability — WDesignkit | 6.6 | Medium | 2024-12-06 |
| CVE-2024-10578 | Pubnews <= 1.0.7 - Authenticated (Subscriber+) Arbitrary Plugin Installation — Pubnews | 8.8 | High | 2024-12-06 |
| CVE-2024-12233 | code-projects Online Notice Board Profile Picture registration.php unrestricted upload — Online Notice Board | 7.3 | High | 2024-12-05 |
| CVE-2024-51548 | Dangerous File Upload — ASPECT-Enterprise | 9.9 | Critical | 2024-12-05 |
| CVE-2024-53982 | Arbitrary file download in Zoo-Project Echo Example — ZOO-Project | 9.1 | - | 2024-12-04 |
| CVE-2024-40744 | Extension - tassos.gr - Unrestricted file upload in Convert Forms component for Joomla < 4.4.8 — Convert Forms component for Joomla | 9.8 | - | 2024-12-04 |
| CVE-2024-25020 | IBM Cognos Controller file upload — Cognos Controller | 5.5 | Medium | 2024-12-03 |
| CVE-2024-53863 | Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders — synapse | 6.5 | - | 2024-12-03 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.