CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-9849 | Real3D Flipbook Lite – 3D FlipBook, PDF Viewer, PDF Embedder <= 4.8 - Authenticated (Author+) Arbitrary File Upload — Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder | 8.8 | High | 2024-11-16 |
| CVE-2024-52369 | WordPress KBucket plugin <= 4.2.2 - Arbitrary File Upload vulnerability — KBucket | 9.9 | Critical | 2024-11-14 |
| CVE-2024-52370 | WordPress Hive Support – WordPress Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin <= 1.1.1 - Arbitrary File Upload vulnerability — Hive Support | 9.9 | Critical | 2024-11-14 |
| CVE-2024-52372 | WordPress Easy CSV Importer plugin <= 7.0.0 - Arbitrary File Upload vulnerability — Easy CSV Importer BETA | 10.0 | Critical | 2024-11-14 |
| CVE-2024-52373 | WordPress Devexhub Gallery plugin <= 2.0.1 - Arbitrary File Upload vulnerability — Devexhub Gallery | 10.0 | Critical | 2024-11-14 |
| CVE-2024-52374 | WordPress Do That Task plugin <= 1.5.5 - Arbitrary File Upload vulnerability — Do That Task | 10.0 | Critical | 2024-11-14 |
| CVE-2024-52375 | WordPress Datasets Manager by Arttia Creative plugin <= 1.5 - Arbitrary File Upload vulnerability — Datasets Manager by Arttia Creative | 10.0 | Critical | 2024-11-14 |
| CVE-2024-52376 | WordPress Boat Rental Plugin for WordPress plugin <= 1.0.1 - Arbitrary File Upload vulnerability — Boat Rental Plugin for WordPress | 10.0 | Critical | 2024-11-14 |
| CVE-2024-52377 | WordPress Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) plugin <= 1.5.2 - Arbitrary File Upload vulnerability — Instant Image Generator | 10.0 | Critical | 2024-11-14 |
| CVE-2024-52379 | WordPress kineticPay for WooCommerce plugin <= 2.0.8 - Arbitrary File Upload vulnerability — kineticPay for WooCommerce | 10.0 | Critical | 2024-11-14 |
| CVE-2024-52380 | WordPress Picsmize plugin <= 1.0.0 - Arbitrary File Upload vulnerability — Picsmize | 10.0 | Critical | 2024-11-14 |
| CVE-2024-52384 | WordPress Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation plugin <= 2.4.9 - Arbitrary File Upload vulnerability — Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation | 9.9 | Critical | 2024-11-14 |
| CVE-2024-11214 | SourceCodester Best Employee Management System profile.php unrestricted upload — Best Employee Management System | 4.7 | Medium | 2024-11-14 |
| CVE-2024-52302 | common-user-management Unrestricted File Upload Leading to Remote Code Execution (RCE) — Java-springboot-codebase | 8.8 (AI) | High (AI) | 2024-11-14 |
| CVE-2024-11211 | EyouCMS Website Logo unrestricted upload — EyouCMS | 4.7 | Medium | 2024-11-14 |
| CVE-2024-10820 | WooCommerce Upload Files <= 84.3 - Unauthenticated Arbitrary File Upload — WooCommerce Upload Files | 9.8 | Critical | 2024-11-13 |
| CVE-2024-11138 | DedeCMS friendlink_add.php unrestricted upload — DedeCMS | 2.7 | Low | 2024-11-12 |
| CVE-2024-11122 | 上海灵当信息科技有限公司 Lingdang CRM index.php unrestricted upload — Lingdang CRM | 6.3 | Medium | 2024-11-12 |
| CVE-2024-11018 | Grand Vice info Webopac - Arbitrary File Upload — Webopac | 9.8 | Critical | 2024-11-11 |
| CVE-2024-11017 | Grand Vice info Webopac - Arbitrary File Upload — Webopac | 8.8 | High | 2024-11-11 |
| CVE-2024-51788 | WordPress The Novel Design Store Directory plugin <= 4.3.0 - Arbitrary File Upload vulnerability — The Novel Design Store Directory | 10.0 | Critical | 2024-11-11 |
| CVE-2024-51789 | WordPress Image Classify plugin <= 1.0.0 - Arbitrary File Upload vulnerability — Image Classify | 10.0 | Critical | 2024-11-11 |
| CVE-2024-51790 | WordPress HB AUDIO GALLERY plugin <= 3.0 - Arbitrary File Upload vulnerability — HB AUDIO GALLERY | 10.0 | Critical | 2024-11-11 |
| CVE-2024-51791 | WordPress Forms plugin <= 2.8.0 - Arbitrary File Upload vulnerability — Forms | 10.0 | Critical | 2024-11-11 |
| CVE-2024-51792 | WordPress Audio Record plugin <= 1.0 - Arbitrary File Upload vulnerability — Audio Record | 10.0 | Critical | 2024-11-11 |
| CVE-2024-51793 | WordPress RepairBuddy plugin <= 3.8115 - Arbitrary File Upload vulnerability — RepairBuddy | 10.0 | Critical | 2024-11-11 |
| CVE-2024-11054 | SourceCodester Simple Music Cloud Community System ajax.php unrestricted upload — Simple Music Cloud Community System | 6.3 | Medium | 2024-11-10 |
| CVE-2024-10801 | WordPress User Extra Fields <= 16.5 - Unauthenticated Arbitrary File Upload — WordPress User Extra Fields | 9.8 | Critical | 2024-11-09 |
| CVE-2024-10547 | WP Membership <= 1.6.2 - Unauthenticated Arbitrary File Upload — WP Membership | 9.8 | Critical | 2024-11-09 |
| CVE-2024-10627 | WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Upload — WooCommerce Support Ticket System | 9.8 | Critical | 2024-11-09 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.