CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-40691 | IBM Cognos Controller file upload — Cognos Controller | 8.0 | High | 2024-12-03 |
| CVE-2024-25019 | IBM Cognos Controller file upload — Cognos Controller | 5.5 | Medium | 2024-12-03 |
| CVE-2024-11391 | Advanced File Manager <= 5.2.10 - Authenticated (Subscriber+) Arbitrary File Upload — Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution | 7.5 | High | 2024-12-03 |
| CVE-2024-52476 | WordPress Fediverse Embeds plugin <= 1.5.3 - Arbitrary File Upload vulnerability — Fediverse Embeds | 10.0 | Critical | 2024-12-02 |
| CVE-2024-53564 | FreePBX security vulnerability — FreePBX | 2.2 | Low | 2024-12-02 |
| CVE-2024-52490 | WordPress Pathomation plugin <= 2.5.1 - Arbitrary File Upload vulnerability — Pathomation | 10.0 | Critical | 2024-11-28 |
| CVE-2024-11082 | Tumult Hype Animations <= 1.9.15 - Authenticated (Author+) Arbitrary File Upload via hypeanimations_panel Function — Tumult Hype Animations | 9.9 | Critical | 2024-11-28 |
| CVE-2024-8066 | File Manager Pro – Filester <= 1.8.6 - Authenticated (Subscriber+) Arbitrary File Upload — File Manager Pro – Filester | 7.5 | High | 2024-11-28 |
| CVE-2024-9504 | Booking calendar, Appointment Booking System <= 3.2.15 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload — Booking calendar, Appointment Booking System | 7.2 | High | 2024-11-26 |
| CVE-2024-11674 | CodeAstro Hospital Management System his_doc_update-account.php unrestricted upload — Hospital Management System | 6.3 | Medium | 2024-11-25 |
| CVE-2024-11661 | Codezips Free Exam Hall Seating Management System Profile Image profile.php unrestricted upload — Free Exam Hall Seating Management System | 4.3 | Medium | 2024-11-25 |
| CVE-2024-9659 | School Management <= 91.5.0 - Unauthenticated Arbitrary File Upload — School Management System for Wordpress | 9.8 | Critical | 2024-11-23 |
| CVE-2024-9942 | WPGYM <= 67.1.0 - Unauthenticated Arbitrary File Upload — WPGYM - Wordpress Gym Management System | 9.8 | Critical | 2024-11-23 |
| CVE-2024-9660 | School Management <= 91.5.0 - Authenticated (Student+) Arbitrary File Upload — School Management System for Wordpress | 8.8 | High | 2024-11-23 |
| CVE-2024-8525 | Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload — WebCTRL | 9.8 (AI) | Critical (AI) | 2024-11-21 |
| CVE-2024-11404 | File Upload Bypass in django Filer — django Filer | 5.5 | Medium | 2024-11-20 |
| CVE-2024-51743 | Arbitrary File Write leading up to remote code execution (instructor accounts) — Markus | 8.8 (AI) | High (AI) | 2024-11-18 |
| CVE-2024-51499 | MarkUs Arbitrary File Write leading up to remote code execution (student accounts) — Markus | 8.8 (AI) | High (AI) | 2024-11-18 |
| CVE-2024-52429 | WordPress WP Quick Setup plugin <= 2.0 - Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability — WP Quick Setup | 9.9 | Critical | 2024-11-18 |
| CVE-2024-52397 | WordPress Convert Docx2post plugin <= 1.4 - Arbitrary File Upload vulnerability — Convert Docx2post | 9.1 | Critical | 2024-11-16 |
| CVE-2024-52398 | WordPress CDI plugin <= 5.5.3 - Arbitrary File Upload vulnerability — CDI | 9.1 | Critical | 2024-11-16 |
| CVE-2024-52399 | WordPress Writer Helper plugin <= 3.1.6 - Arbitrary File Upload vulnerability — Writer Helper | 9.9 | Critical | 2024-11-16 |
| CVE-2024-52400 | WordPress Gallerio plugin <= 1.01 - Arbitrary File Upload vulnerability — Gallerio | 9.9 | Critical | 2024-11-16 |
| CVE-2024-52403 | WordPress User Management plugin <= 1.1 - Arbitrary File Upload vulnerability — User Management | 9.9 | Critical | 2024-11-16 |
| CVE-2024-52404 | WordPress CF7 Reply Manager plugin <= 1.2.3 - Arbitrary File Upload vulnerability — CF7 Reply Manager | 9.9 | Critical | 2024-11-16 |
| CVE-2024-52405 | WordPress B-Banner Slider plugin <= 1.1 - Arbitrary File Upload vulnerability — B-Banner Slider | 9.9 | Critical | 2024-11-16 |
| CVE-2024-52406 | WordPress CSV to html plugin <= 3.26 - Arbitrary File Upload vulnerability — CSV to html | 9.9 | Critical | 2024-11-16 |
| CVE-2024-52407 | WordPress BasePress Migration Tools plugin <= 1.0.0 - Arbitrary File Upload vulnerability — BasePress Migration Tools | 9.9 | Critical | 2024-11-16 |
| CVE-2024-52408 | WordPress Push Notifications for WordPress by PushAssist plugin <= 3.0.8 - Arbitrary File Upload vulnerability — Push Notifications for WordPress by PushAssist | 9.9 | Critical | 2024-11-16 |
| CVE-2024-8856 | Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload — Backup and Staging by WP Time Capsule | 9.8 | Critical | 2024-11-16 |

2018 CVEs are classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.