CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-49398 | Unrestricted Upload of File with Dangerous Type in Elvaco M-Bus Metering Gateway CMe3100 — M-Bus Metering Gateway CMe3100 | 9.8 (AI) | Critical (AI) | 2024-10-17 |
| CVE-2024-48034 | WordPress Creates 3D Flipbook, PDF Flipbook plugin <= 1.2 - Arbitrary File Upload vulnerability — Creates 3D Flipbook, PDF Flipbook | 9.9 | Critical | 2024-10-16 |
| CVE-2024-49216 | WordPress Feed Comments Number plugin <= 0.2.1 - Arbitrary File Upload vulnerability — Feed Comments Number | 8.8 | - | 2024-10-16 |
| CVE-2024-49242 | WordPress Digital Lottery plugin <= 3.0.5 - Arbitrary File Upload vulnerability — Digital Lottery | 9.8 | - | 2024-10-16 |
| CVE-2024-49260 | WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability — WordPress Gallery Plugin – Limb Image Gallery | 9.9 | Critical | 2024-10-16 |
| CVE-2024-47649 | WordPress Iconize plugin <= 1.2.4 - Remote Code Execution (RCE) vulnerability — Iconize | 9.1 | Critical | 2024-10-16 |
| CVE-2024-48027 | WordPress External featured image from bing plugin <= 1.0.2 - Remote Code Execution (RCE) vulnerability — External featured image from bing | 9.9 | Critical | 2024-10-16 |
| CVE-2024-48035 | WordPress ACF Images Search And Insert plugin <= 1.1.4 - Arbitrary File Upload vulnerability — ACF Images Search And Insert | 9.9 | Critical | 2024-10-16 |
| CVE-2024-49257 | WordPress Azz Anonim Posting plugin <= 0.9 - Arbitrary File Upload vulnerability — Azz Anonim Posting | 10.0 | Critical | 2024-10-16 |
| CVE-2020-36842 | Migration, Backup, Staging – WPvivid <= 0.9.35 - Authenticated (Subscriber+) Arbitrary File Upload — WPvivid — Backup, Migration & Staging | 8.8 | High | 2024-10-16 |
| CVE-2016-15042 | Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload — N-Media Post Front-end Form | 9.8 | Critical | 2024-10-16 |
| CVE-2024-8746 | File Manager Pro <= 8.3.9 - Unauthenticated Backup File Download and Upload — File Manager Pro | 7.5 | High | 2024-10-16 |
| CVE-2021-4449 | ZoomSounds <= 5.96 - Unauthenticated Arbitrary File Upload — ZoomSounds - WordPress Wave Audio Player with Playlist | 9.8 | Critical | 2024-10-16 |
| CVE-2021-4443 | WordPress Mega Menu <= 2.0.6 - Arbitrary File Creation — QuadMenu – Mega Menu | 9.8 | Critical | 2024-10-16 |
| CVE-2024-8918 | File Manager Pro <= 8.3.9 - Unauthenticated Limited JavaScript File Upload — File Manager Pro | 7.4 | High | 2024-10-16 |
| CVE-2024-9975 | SourceCodester Drag and Drop Image Upload upload.php unrestricted upload — Drag and Drop Image Upload | 6.3 | Medium | 2024-10-15 |
| CVE-2024-9985 | Ragic Enterprise Cloud Database - Arbitrary File Upload — Enterprise Cloud Database | 10.0 | Critical | 2024-10-15 |
| CVE-2024-9904 | 07FLYCMS/07FLY-CMS/07FlyCRM pictureUpload unrestricted upload — 07FLYCMS | 4.7 | Medium | 2024-10-13 |
| CVE-2024-9903 | 07FLYCMS/07FLY-CMS/07FlyCRM fileUpload unrestricted upload — 07FLYCMS | 4.7 | Medium | 2024-10-12 |
| CVE-2024-9855 | 07FLYCMS/07FLY-CMS/07FlyCRM Module Plug-In sysmodule_1 uploadFile unrestricted upload — 07FLYCMS | 4.7 | Medium | 2024-10-11 |
| CVE-2024-9816 | Codezips Tourist Management System change-image.php unrestricted upload — Tourist Management System | 4.7 | Medium | 2024-10-10 |
| CVE-2024-9815 | Codezips Tourist Management System create-package.php unrestricted upload — Tourist Management System | 4.7 | Medium | 2024-10-10 |
| CVE-2024-9794 | Codezips Online Shopping Portal update-image1.php unrestricted upload — Online Shopping Portal | 6.3 | Medium | 2024-10-10 |
| CVE-2024-47423 | Adobe Framemaker \| Unrestricted Upload of File with Dangerous Type (CWE-434) — Adobe Framemaker | 7.8 | High | 2024-10-09 |
| CVE-2024-45137 | InDesign Desktop \| Unrestricted Upload of File with Dangerous Type (CWE-434) — InDesign Desktop | 7.8 | High | 2024-10-09 |
| CVE-2024-45136 | InCopy \| Unrestricted Upload of File with Dangerous Type (CWE-434) — InCopy | 7.8 | High | 2024-10-09 |
| CVE-2024-37179 | Insecure File Operations vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) — SAP BusinessObjects Business Intelligence Platform (Web Intelligence) | 7.7 | High | 2024-10-08 |
| CVE-2024-47319 | WordPress Bit Form plugin <= 2.13.10 - Arbitrary File Upload vulnerability — Bit Form | 8.0 | High | 2024-10-05 |
| CVE-2024-9417 | Hash Form - Drag & Drop Form Builder <= 1.1.9 - Unauthenticated Limited File Upload — Hash Form – Drag & Drop Form Builder | 6.1 | Medium | 2024-10-05 |
| CVE-2024-8743 | Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.7 - Authenticated (Subscriber+) Limited JavaScript File Upload — File Manager | 6.8 | Medium | 2024-10-05 |

A total of 2018 CVEs are classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.