CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-37424 | WordPress Newspack Blocks plugin <= 3.0.8 - Arbitrary File Upload vulnerability — Newspack Blocks | 9.9 | Critical | 2024-07-09 |
| CVE-2024-37420 | WordPress Zita Elementor Site Library plugin <= 1.6.1 - Arbitrary Code Execution vulnerability — Zita Elementor Site Library | 9.9 | Critical | 2024-07-09 |
| CVE-2024-37418 | WordPress Church Admin plugin <= 4.4.6 - Arbitrary File Upload vulnerability — Church Admin | 7.2 (AI) | High (AI) | 2024-07-09 |
| CVE-2024-6313 | Gutenberg Forms <= 2.2.9 - Unauthenticated Arbitrary File Upload — Gutenberg Forms – WordPress Form Builder Plugin | 9.8 | Critical | 2024-07-09 |
| CVE-2024-6314 | IQ Testimonials <= 2.2.7 - Unauthenticated Arbitrary File Upload — IQ Testimonials | 9.8 | Critical | 2024-07-09 |
| CVE-2024-6123 | Bit Form <= 2.13.3 - Authenticated (Administrator+) Arbitrary File Upload — Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | 7.2 | High | 2024-07-09 |
| CVE-2024-6161 | Default Thumbnail Plus <= 1.0.2.3 - Authenticated (Contributor+) Arbitrary File Upload — Default Thumbnail Plus | 8.8 | High | 2024-07-09 |
| CVE-2024-37555 | WordPress Generate PDF using Contact Form 7 plugin <= 4.1.2 - CSRF to Arbitrary File Upload vulnerability — Generate PDF using Contact Form 7 | 9.6 | Critical | 2024-07-09 |
| CVE-2024-5441 | Modern Events Calendar <= 7.11.0 - Authenticated (Subscriber+) Arbitrary File Upload — Modern Events Calendar | 8.8 | High | 2024-07-09 |
| CVE-2024-34692 | [CVE-2024-34692] Unrestricted File upload vulnerability in SAP Enable Now — SAP Enable Now | 3.3 | Low | 2024-07-09 |
| CVE-2024-6319 | IMGspider <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload' — IMGspider – 图片采集抓取插件 | 8.8 | High | 2024-07-04 |
| CVE-2024-6318 | IMGspider <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload_img_file' — IMGspider – 图片采集抓取插件 | 8.8 | High | 2024-07-04 |
| CVE-2024-6439 | SourceCodester Home Owners Collection Management System unrestricted upload — Home Owners Collection Management System | 6.3 | Medium | 2024-07-02 |
| CVE-2024-36987 | Insecure File Upload in the indexing/preview REST endpoint — Splunk Enterprise | 4.3 | Medium | 2024-07-01 |
| CVE-2024-3123 | CHANGING Mobile One Time Password - Arbitrary File Upload — Mobile One Time Password | 7.2 | High | 2024-07-01 |
| CVE-2024-6373 | itsourcecode Online Food Ordering System addproduct.php unrestricted upload — Online Food Ordering System | 7.3 | High | 2024-06-27 |
| CVE-2024-6054 | Auto Featured Image <= 1.2 - Authenticated (Contributor+) Arbitrary File Upload — Auto Featured Image | 8.8 | High | 2024-06-27 |
| CVE-2024-5008 | WhatsUp Gold APM Unrestricted File Upload Remote Code Execution Vulnerability — WhatsUp Gold | 8.8 | High | 2024-06-25 |
| CVE-2024-4197 | Avaya IP Office One-X Portal File Upload Vulnerability — IP Office | 9.9 | Critical | 2024-06-25 |
| CVE-2024-37228 | WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability — InstaWP Connect | 10.0 | Critical | 2024-06-24 |
| CVE-2024-6280 | SourceCodester Simple Online Bidding System unrestricted upload — Simple Online Bidding System | 6.3 | Medium | 2024-06-24 |
| CVE-2024-35767 | WordPress Squeeze plugin <= 1.4 - Arbitrary File Upload vulnerability — Squeeze | 9.1 | Critical | 2024-06-21 |
| CVE-2023-45197 | Adminer and AdminerEvo vulnerable to directory traversal and file upload — Adminer | 9.8 | - | 2024-06-21 |
| CVE-2024-28147 | Unrestricted Upload of Files in edu-sharing — edu-sharing | 8.2 (AI) | High (AI) | 2024-06-20 |
| CVE-2024-5853 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.6 - Authenticated (Contributor+) Arbitrary File Upload — Image Optimizer, Resizer and CDN – Sirv | 9.9 | Critical | 2024-06-19 |
| CVE-2024-6132 | Pexels: Free Stock Photos <= 1.2.2 - Authenticated (Contributor+) Arbitrary File Upload — Pexels: Free Stock Photos | 8.8 | High | 2024-06-19 |
| CVE-2024-3229 | Salon Booking System <= 10.2 - Unauthenticated Arbitrary File Upload — Salon Booking System – Free Version | 9.8 | Critical | 2024-06-19 |
| CVE-2024-2381 | AliExpress Dropshipping with AliNext Lite <= 3.3.5 - Authenticated (Subscriber+) Arbitrary File Upload — AliExpress Dropshipping Plugin for WooCommerce & WordPress | 8.8 | High | 2024-06-19 |
| CVE-2024-6116 | itsourcecode Simple Online Hotel Reservation System edit_room.php unrestricted upload — Simple Online Hotel Reservation System | 7.3 | High | 2024-06-18 |
| CVE-2024-6115 | itsourcecode Simple Online Hotel Reservation System add_room.php unrestricted upload — Simple Online Hotel Reservation System | 7.3 | High | 2024-06-18 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.