CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-6117 | Hamastar MeetingHub Paperless Meetings - Unrestricted Upload of File with Dangerous Type — MeetingHub Paperless Meetings | 7.8 (AI) | High (AI) | 2024-08-05 |
| CVE-2024-7450 | itsourcecode Placement Management System Image resume_upload.php unrestricted upload — Placement Management System | 6.3 | Medium | 2024-08-04 |
| CVE-2024-7257 | YayExtra – WooCommerce Extra Product Options <= 1.3.7 - Unauthenticated Arbitrary File Upload via handle_upload_file Function — YayExtra – WooCommerce Extra Product Options | 9.8 | Critical | 2024-08-03 |
| CVE-2024-7342 | Baidu UEditor unrestricted upload — UEditor | 3.5 | Low | 2024-08-01 |
| CVE-2024-34021 | ELECOM WRC-2533GS2V-B, WRC-2533GS2-B, WRC-2533GS2-W security vulnerability — WRC-1167GST2 | 7.2 (AI) | High (AI) | 2024-08-01 |
| CVE-2024-7329 | YouDianCMS image_upload.php unrestricted upload — YouDianCMS | 6.3 | Medium | 2024-07-31 |
| CVE-2024-40645 | FOG Authenticated File Upload RCE — fogproject | 8.8 | High | 2024-07-31 |
| CVE-2024-7277 | itsourcecode Alton Management System Add a Menu menu.php unrestricted upload — Alton Management System | 4.7 | Medium | 2024-07-30 |
| CVE-2024-38529 | Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment — admidio | 9.1 | Critical | 2024-07-29 |
| CVE-2024-7192 | itsourcecode Society Management System student.php unrestricted upload — Society Management System | 6.3 | Medium | 2024-07-29 |
| CVE-2024-7189 | itsourcecode Online Food Ordering System editproduct.php unrestricted upload — Online Food Ordering System | 6.3 | Medium | 2024-07-29 |
| CVE-2024-6431 | Media.net Ads Manager <= 2.10.13 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload — Media.net Ads Manager | 8.8 | High | 2024-07-27 |
| CVE-2024-6756 | Social Auto Poster <= 5.3.14 - Authenticated (Contributor+) Arbitrary File Upload — Social Auto Poster | 8.8 | High | 2024-07-24 |
| CVE-2024-6828 | Redux Framework 4.4.12 - 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting — Redux Framework | 7.2 | High | 2024-07-23 |
| CVE-2024-6958 | itsourcecode University Management System Avatar File st_update.php unrestricted upload — University Management System | 6.3 | Medium | 2024-07-21 |
| CVE-2024-6948 | Gargaj wuhu Slide Editor slideeditor.php unrestricted upload — wuhu | 6.3 | Medium | 2024-07-21 |
| CVE-2024-6945 | Flute CMS Avatar Upload Page ImagesController.php unrestricted upload — CMS | 6.3 | Medium | 2024-07-21 |
| CVE-2024-3242 | Brizy – Page Builder <= 2.4.44 - Authenticated (Contributor+) Arbitrary File Upload — Brizy – Page Builder | 8.8 | High | 2024-07-18 |
| CVE-2024-20296 | Cisco Identity Services Engine security vulnerability — Cisco Identity Services Engine Software | 4.7 | Medium | 2024-07-17 |
| CVE-2024-27311 | Arbitrary file writing — DDI Central | 5.5 | Medium | 2024-07-17 |
| CVE-2024-31411 | Apache StreamPipes: Potential remote code execution (RCE) via file upload — Apache StreamPipes | 8.8 (AI) | High (AI) | 2024-07-17 |
| CVE-2024-6220 | 简数采集器 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload — 简数采集器 | 9.8 | Critical | 2024-07-17 |
| CVE-2024-6801 | SourceCodester Online Student Management System add-students.php unrestricted upload — Online Student Management System | 6.3 | Medium | 2024-07-17 |
| CVE-2024-6730 | Nanjing Xingyuantu Technology SparkShop uploadFile unrestricted upload — SparkShop | 6.3 | Medium | 2024-07-14 |
| CVE-2024-38736 | WordPress Realtyna Organic IDX plugin <= 4.14.13 - Arbitrary File Upload vulnerability — Realtyna Organic IDX plugin | 9.1 | Critical | 2024-07-12 |
| CVE-2024-38734 | WordPress Import Spreadsheets from Microsoft Excel plugin <= 10.1.4 - Arbitrary File Upload vulnerability — Import Spreadsheets from Microsoft Excel | 9.1 | Critical | 2024-07-12 |
| CVE-2024-5911 | PAN-OS: File Upload Vulnerability in the Panorama Web Interface — PAN-OS | 6.5 (AI) | Medium (AI) | 2024-07-10 |
| CVE-2024-6647 | Croogo Setting Theme unrestricted upload — Croogo | 4.7 | Medium | 2024-07-10 |
| CVE-2023-7061 | Advanced File Manager Shortcode <= 2.5.3 - Authenticated (Contributor+) Arbitrary File Upload — Advanced File Manager Shortcodes | 8.8 | High | 2024-07-10 |
| CVE-2024-39865 | Siemens SINEMA Remote Connect Server code issue vulnerability — SINEMA Remote Connect Server | 8.8 | High | 2024-07-09 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) account for 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.