CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2021-35002 | BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability — Track-It! | 8.8 | - | 2024-05-07 |
| CVE-2024-4345 | Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Upload — Startklar Elementor Addons | 9.8 | Critical | 2024-05-07 |
| CVE-2024-4500 | SourceCodester Prison Management System edit-photo.php unrestricted upload — Prison Management System | 6.3 | Medium | 2024-05-05 |
| CVE-2023-51590 | Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability — ViewPower Pro | 9.8 | - | 2024-05-03 |
| CVE-2023-39463 | Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability — SCADA Data Gateway | 8.8 | - | 2024-05-03 |
| CVE-2023-39462 | Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability — SCADA Data Gateway | 8.8 | - | 2024-05-03 |
| CVE-2023-38098 | NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability — ProSAFE Network Management System | 8.8 | - | 2024-05-03 |
| CVE-2023-38095 | NETGEAR ProSAFE Network Management System MFileUploadController Unrestricted File Upload Remote Code Execution Vulnerability — ProSAFE Network Management System | 8.8 | - | 2024-05-03 |
| CVE-2024-2667 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.22 - Unauthenticated Arbitrary File Upload — InstaWP Connect – 1-click WP Staging & Migration | 9.8 | Critical | 2024-05-02 |
| CVE-2024-4033 | All-in-One Video Gallery <= 3.6.4 - Authenticated (Contributor+) Arbitrary File Upload via featured image — All-in-One Video Gallery | 8.8 | High | 2024-05-02 |
| CVE-2024-1567 | Royal Elementor Addons and Templates <= 1.3.94 - Unauthenticated Limited File Upload — Royal Addons for Elementor – Addons and Templates Kit for Elementor | 8.2 | High | 2024-05-02 |
| CVE-2024-4349 | SourceCodester Pisay Online E-Learning System controller.php unrestricted upload — Pisay Online E-Learning System | 7.3 | High | 2024-04-30 |
| CVE-2024-4306 | Unrestricted Upload of File with Dangerous Type vulnerability in HubBank — HubBank | 9.9 | Critical | 2024-04-29 |
| CVE-2024-32880 | pyLoad allows upload to arbitrary folder lead to RCE — pyload | 9.1 | Critical | 2024-04-26 |
| CVE-2024-3962 | Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file — PPOM – Product Addons & Custom Fields for WooCommerce | 9.8 | Critical | 2024-04-26 |
| CVE-2024-0916 | Unauthenticated Remote Code Execution in UvDesk Community — UvDesk Community | 10.0 | Critical | 2024-04-25 |
| CVE-2023-31090 | WordPress Unlimited Elements For Elementor plugin <= 1.5.60 - Unrestricted Zip Extraction vulnerability — Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | 9.9 | Critical | 2024-04-24 |
| CVE-2024-32954 | WordPress Newsletters plugin <= 4.9.5 - Arbitrary File Upload vulnerability — Newsletters | 9.1 | Critical | 2024-04-24 |
| CVE-2024-32836 | WordPress WP-Lister Lite for eBay plugin <= 3.5.11 - Arbitrary File Upload vulnerability — WP-Lister Lite for eBay | 9.1 | Critical | 2024-04-24 |
| CVE-2024-3948 | SourceCodester Home Clean Service System Photo student.add.php unrestricted upload — Home Clean Service System | 6.3 | Medium | 2024-04-18 |
| CVE-2024-32514 | WordPress WP Poll Maker plugin <= 3.4 - Authenticated Arbitrary File Upload vulnerability — WP Poll Maker | 9.9 | Critical | 2024-04-17 |
| CVE-2024-3804 | Vesystem Cloud Desktop fileupload2.php unrestricted upload — Cloud Desktop | 6.3 | Medium | 2024-04-15 |
| CVE-2024-3803 | Vesystem Cloud Desktop fileupload.php unrestricted upload — Cloud Desktop | 6.3 | Medium | 2024-04-15 |
| CVE-2024-3778 | Ai3 QbiBot - Unrestricted File Upload — QbiBot | 7.2 | High | 2024-04-15 |
| CVE-2024-3736 | cym1102 nginxWebUI upload unrestricted upload — nginxWebUI | 4.3 | Medium | 2024-04-13 |
| CVE-2024-3705 | Unrestricted Upload of File with Dangerous Type vulnerability in OpenGnsys — OpenGnsys | 8.8 | High | 2024-04-12 |
| CVE-2023-51409 | WordPress AI Engine plugin <= 1.9.98 - Unauthenticated Arbitrary File Upload vulnerability — AI Engine: ChatGPT Chatbot | 10.0 | Critical | 2024-04-12 |
| CVE-2024-3344 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.8 - Authenticated (Author+) Limited File Upload to Stored Cross-Site Scripting — Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | 6.4 | Medium | 2024-04-11 |
| CVE-2024-31214 | Traccar's unrestricted file upload vulnerability in device image upload could lead to remote code execution — traccar | 9.7 | Critical | 2024-04-10 |
| CVE-2024-2221 | Path Traversal and Arbitrary File Upload Vulnerability in qdrant/qdrant — qdrant/qdrant | 9.8 (AI) | Critical (AI) | 2024-04-10 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) account for 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.