Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-434 (危险类型文件的不加限制上传) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2024-11000 CodeAstro Real Estate Management System About Us Page aboutedit.php unrestricted upload — Real Estate Management System 4.7 Medium2024-11-08
CVE-2024-10999 CodeAstro Real Estate Management System About Us Page aboutadd.php unrestricted upload — Real Estate Management System 4.7 Medium2024-11-08
CVE-2024-10994 Codezips Online Institute Management System edit_user.php unrestricted upload — Online Institute Management System 6.3 Medium2024-11-08
CVE-2024-10993 Codezips Online Institute Management System manage_website.php unrestricted upload — Online Institute Management System 6.3 Medium2024-11-08
CVE-2024-10668 Auth Bypass in Quickshare — Nearby 7.5AIHighAI2024-11-07
CVE-2024-8615 WP JobSearch <= 2.6.7 - Unauthenticated Arbitrary File Upload — JobSearch WP Job Board 10.0 Critical2024-11-06
CVE-2024-8614 WP JobSearch <= 2.6.7 - Authenticated (Subscriber+) Arbitrary File Upload — JobSearch WP Job Board 9.9 Critical2024-11-06
CVE-2024-9307 mFolio Lite <= 1.2.1 - Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG Files — mFolio Lite 9.9 Critical2024-11-06
CVE-2024-10766 Codezips Free Exam Hall Seating Management System save_user.php unrestricted upload — Free Exam Hall Seating Management System 6.3 Medium2024-11-04
CVE-2024-10765 Codezips Online Institute Management System profile.php unrestricted upload — Online Institute Management System 6.3 Medium2024-11-04
CVE-2024-10764 Codezips Online Institute Management System save_user.php unrestricted upload — Online Institute Management System 6.3 Medium2024-11-04
CVE-2024-50523 WordPress All Post Contact Form plugin <= 1.8.2 - Arbitrary File Upload vulnerability — All Post Contact Form 10.0 Critical2024-11-04
CVE-2024-50525 WordPress Helloprint plugin <= 2.0.4 - Arbitrary File Upload vulnerability — Helloprint 10.0 Critical2024-11-04
CVE-2024-50526 WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability — Multi Purpose Mail Form 10.0 Critical2024-11-04
CVE-2024-50527 WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Arbitrary File Upload vulnerability — Stacks Mobile App Builder 10.0 Critical2024-11-04
CVE-2024-50529 WordPress Training – Courses plugin <= 2.0.1 - Arbitrary File Upload vulnerability — Training – Courses 9.9 Critical2024-11-04
CVE-2024-50530 WordPress Stars SMTP Mailer plugin <= 2.2.1 - Arbitrary File Upload vulnerability — Stars SMTP Mailer 9.9 Critical2024-11-04
CVE-2024-50531 WordPress RSVPMaker for Toastmasters plugin <= 6.2.4 - Arbitrary File Upload vulnerability — RSVPMaker for Toastmasters 10.0 Critical2024-11-04
CVE-2024-10392 AI Power: Complete AI Pack <= 1.8.89 - Unauthenticated Arbitrary File Upload — AI Puffer – Your AI engine for WordPress (formerly AI Power) 9.8 Critical2024-10-31
CVE-2024-50510 WordPress AR For Woocommerce plugin <= 6.3 - Arbitrary File Upload vulnerability — AR For Woocommerce 10.0 Critical2024-10-30
CVE-2024-50511 WordPress WP donimedia carousel plugin <= 1.0.1 - Arbitrary File Upload vulnerability — WP donimedia carousel 9.9 Critical2024-10-30
CVE-2024-7985 FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload — FileOrganizer – WordPress File Manager 7.5 High2024-10-29
CVE-2024-50420 WordPress aDirectory plugin <= 1.3 - Arbitrary File Upload vulnerability — aDirectory 10.0 Critical2024-10-29
CVE-2024-50427 WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability — SurveyJS 9.9 Critical2024-10-29
CVE-2024-50473 WordPress Ajar in5 Embed plugin <= 3.1.3 - Arbitrary File Upload vulnerability — Ajar in5 Embed 10.0 Critical2024-10-29
CVE-2024-50480 WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Arbitrary File Upload vulnerability — Marketing Automation by AZEXO 9.9 Critical2024-10-29
CVE-2024-50482 WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Upload vulnerability — Woocommerce Product Design 10.0 Critical2024-10-29
CVE-2024-50484 WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability — Multi Purpose Mail Form 10.0 Critical2024-10-29
CVE-2024-50493 WordPress Automatic Translation plugin <= 1.0.4 - Arbitrary File Upload vulnerability — Automatic Translation 10.0 Critical2024-10-29
CVE-2024-50494 WordPress Sudan Payment Gateway for WooCommerce plugin <= 1.2.2 - Arbitrary File Upload vulnerability — Sudan Payment Gateway for WooCommerce 10.0 Critical2024-10-29

Vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.