CWE-434 (危险类型文件的不加限制上传) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-31351	WordPress Copymatic plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability — Copymatic – AI Content Writer & Generator	10.0	Critical	2024-05-17
CVE-2024-33556	WordPress XStore Core plugin <= 5.3.8 - Limited Arbitrary File Upload vulnerability — XStore Core	8.2	High	2024-05-17
CVE-2024-4966	SourceCodester SchoolWebTech home.php unrestricted upload — SchoolWebTech	7.3	High	2024-05-16
CVE-2024-4964	D-Link DAR-7000-40 urlblist.php unrestricted upload — DAR-7000-40	6.3	Medium	2024-05-16
CVE-2024-4963	D-Link DAR-7000-40 url.php unrestricted upload — DAR-7000-40	6.3	Medium	2024-05-16
CVE-2024-4962	D-Link DAR-7000-40 resmanage.php unrestricted upload — DAR-7000-40	6.3	Medium	2024-05-16
CVE-2024-4961	D-Link DAR-7000-40 onlineuser.php unrestricted upload — DAR-7000-40	6.3	Medium	2024-05-16
CVE-2024-4960	D-Link DAR-7000-40 licenseauthorization.php unrestricted upload — DAR-7000-40	6.3	Medium	2024-05-16
CVE-2024-4946	SourceCodester Online Art Gallery Management System adminHome.php unrestricted upload — Online Art Gallery Management System	6.3	Medium	2024-05-16
CVE-2024-4945	SourceCodester Best Courier Management System view_parcel.php unrestricted upload — Best Courier Management System	4.3	Medium	2024-05-16
CVE-2024-4927	SourceCodester Simple Online Bidding System unrestricted upload — Simple Online Bidding System	7.3	High	2024-05-16
CVE-2024-4923	Codezips E-Commerce Site addproduct.php unrestricted upload — E-Commerce Site	6.3	Medium	2024-05-16
CVE-2024-4921	SourceCodester Employee and Visitor Gate Pass Logging System unrestricted upload — Employee and Visitor Gate Pass Logging System	6.3	Medium	2024-05-16
CVE-2024-4920	SourceCodester Online Discussion Forum Site registerH.php unrestricted upload — Online Discussion Forum Site	7.3	High	2024-05-16
CVE-2024-4904	Byzoro Smart S200 Management Platform userattestation.php unrestricted upload — Smart S200 Management Platform	6.3	Medium	2024-05-15
CVE-2024-33006	File upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform — SAP NetWeaver Application Server ABAP and ABAP Platform	9.6	Critical	2024-05-14
CVE-2023-50717	NocoDB Allows Preview of File with Dangerous Content — nocodb	5.7	Medium	2024-05-13
CVE-2024-4820	SourceCodester Online Computer and Laptop Store unrestricted upload — Online Computer and Laptop Store	6.3	Medium	2024-05-13
CVE-2024-4825	Unrestricted Upload of File with Dangerous Type vulnerability on Cockpit CMS from Agentejo — Cockpit CMS	9.8	Critical	2024-05-13
CVE-2024-31377	WordPress WP Photo Album Plus plugin <= 8.7.01.001 - Unauth. Arbitrary File Upload vulnerability — WP Photo Album Plus	10.0	Critical	2024-05-13
CVE-2024-34411	WordPress canvasio3D Light plugin <= 2.5.0 - Arbitrary File Upload vulnerability — canvasio3D Light	9.9	Critical	2024-05-13
CVE-2024-34416	WordPress Pk Favicon Manager plugin <= 2.1 - Arbitrary File Upload vulnerability — Pk Favicon Manager	9.1	Critical	2024-05-13
CVE-2024-34440	WordPress AI Engine plugin <= 2.2.63 - Auth. Arbitrary File Upload vulnerability — AI Engine: ChatGPT Chatbot	9.1	Critical	2024-05-13
CVE-2024-34555	WordPress Z-Downloads plugin <= 1.11.3 - Auth. Arbitrary File Upload vulnerability — Z-Downloads	9.1	Critical	2024-05-13
CVE-2024-32700	WordPress Kognetiks Chatbot for WordPress plugin <= 2.0.0 - Arbitrary File Upload vulnerability — Kognetiks Chatbot for WordPress	10.0	Critical	2024-05-13
CVE-2024-4809	SourceCodester Open Source Clinic Management System setting.php unrestricted upload — Open Source Clinic Management System	6.3	Medium	2024-05-13
CVE-2023-47711	IBM Security Guardium denial of service — Security Guardium	2.7	Low	2024-05-11
CVE-2024-4560	Kognetiks Chatbot for WordPress <= 1.9.9 - Unauthenticated Arbitrary File Upload via chatbot_chatgpt_upload_file_to_assistant Function — Kognetiks Chatbot for WordPress	9.8	Critical	2024-05-11
CVE-2024-4397	LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses	8.8	High	2024-05-09
CVE-2024-4681	Campcodes Legal Case Management System Setting general-setting unrestricted upload — Legal Case Management System	4.7	Medium	2024-05-09

Vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-434 (危险类型文件的不加限制上传) — Vulnerability Class 2018