CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-6114 | itsourcecode Monbela Tourist Inn Online Reservation System controller.php unrestricted upload — Monbela Tourist Inn Online Reservation System | 7.3 | High | 2024-06-18 |
| CVE-2024-6110 | itsourcecode Magbanua Beach Resort Online Reservation System controller.php unrestricted upload — Magbanua Beach Resort Online Reservation System | 7.3 | High | 2024-06-18 |
| CVE-2024-6084 | itsourcecode Pool of Bethesda Online Reservation System uploadImage unrestricted upload — Pool of Bethesda Online Reservation System | 7.3 | High | 2024-06-18 |
| CVE-2024-6083 | PHPVibe Media Upload Page upload-mp3.php unrestricted upload — PHPVibe | 6.3 | Medium | 2024-06-17 |
| CVE-2024-3912 | ASUS Router - Upload arbitrary firmware — DSL-N17U | 9.8 | Critical | 2024-06-14 |
| CVE-2024-31161 | ASUS Download Master - Arbitrary File Upload — Download Master | 7.2 | High | 2024-06-14 |
| CVE-2024-36396 | Verint - CWE-434: Unrestricted Upload of File with Dangerous Type — WFO | 8.8 | High | 2024-06-13 |
| CVE-2024-34110 | RCE in the Adobe Commerce Webhook module through a legit webhook definition — Adobe Commerce | 7.2 | High | 2024-06-13 |
| CVE-2024-1659 | Arbitrary File Upload in MegaBIP — MegaBIP | 9.8 AI | Critical AI | 2024-06-12 |
| CVE-2024-34683 | Unrestricted file upload in SAP Document Builder (HTTP service) — SAP Document Builder | 6.5 | Medium | 2024-06-11 |
| CVE-2024-35746 | WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability — BuddyPress Cover | 10.0 | Critical | 2024-06-10 |
| CVE-2023-45188 | IBM Engineering Lifecycle Optimization Publishing file upload — Engineering Lifecycle Optimization Publishing | 6.5 | Medium | 2024-06-09 |
| CVE-2024-5745 | itsourcecode Bakery Online Ordering System unrestricted upload — Bakery Online Ordering System | 7.3 | High | 2024-06-07 |
| CVE-2024-5734 | itsourcecode Online Discussion Forum poster.php unrestricted upload — Online Discussion Forum | 6.3 | Medium | 2024-06-07 |
| CVE-2024-5278 | Unrestricted File Upload leading to RCE in gaizhenbiao/chuanhuchatgpt — gaizhenbiao/chuanhuchatgpt | 9.8 AI | Critical AI | 2024-06-06 |
| CVE-2023-33930 | WordPress Unlimited Elements For Elementor plugin <= 1.5.66 - Unrestricted Zip Extraction vulnerability — Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | 9.1 | Critical | 2024-06-04 |
| CVE-2024-29974 | Zyxel NAS326 and Zyxel NAS542 code issue vulnerability — NAS326 firmware | 9.8 | Critical | 2024-06-04 |
| CVE-2024-5518 | itsourcecode Online Discussion Forum change_profile_picture.php unrestricted upload — Online Discussion Forum | 6.3 | Medium | 2024-05-30 |
| CVE-2024-3412 | WP STAGING WordPress Backup Plugin – Migration Backup Restore <= 3.4.3 - Authenticated (Admin+) Arbitrary File Upload — WP STAGING – WordPress Backup, Restore & Migration | 9.1 | Critical | 2024-05-29 |
| CVE-2024-5377 | SourceCodester Vehicle Management System newvehicle.php unrestricted upload — Vehicle Management System | 7.3 | High | 2024-05-26 |
| CVE-2024-1332 | Custom Fonts – Host Your Fonts Locally <= 2.1.4 - Authenticated (Author+) Stored Cross-Site Scripting — Custom Fonts – Host Your Fonts Locally | 6.4 | Medium | 2024-05-24 |
| CVE-2024-5247 | NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability — ProSAFE Network Management System | 8.8 AI | High AI | 2024-05-23 |
| CVE-2024-5084 | Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution — Hash Form – Drag & Drop Form Builder | 9.8 | Critical | 2024-05-23 |
| CVE-2024-5145 | SourceCodester Vehicle Management System HTTP POST Request newdriver.php unrestricted upload — Vehicle Management System | 6.3 | Medium | 2024-05-20 |
| CVE-2024-5050 | Wangshen SecGate 3600 ?g=log_import_save unrestricted upload — SecGate 3600 | 6.3 | Medium | 2024-05-17 |
| CVE-2024-5049 | Codezips E-Commerce Site editproduct.php unrestricted upload — E-Commerce Site | 6.3 | Medium | 2024-05-17 |
| CVE-2024-5047 | SourceCodester Student Management System controller.php unrestricted upload — Student Management System | 7.3 | High | 2024-05-17 |
| CVE-2024-5043 | Emlog Pro setting.php unrestricted upload — Emlog Pro | 4.7 | Medium | 2024-05-17 |
| CVE-2024-32809 | WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability — ActiveDEMAND | 10.0 | Critical | 2024-05-17 |
| CVE-2023-25444 | WordPress JS Help Desk – Best Help Desk & Support Plugin plugin <= 2.7.7 - Arbitrary File Upload vulnerability — JS Help Desk – Best Help Desk & Support Plugin | 9.1 | Critical | 2024-05-17 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.