CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-3521 | Byzoro Smart S80 Management Platform userattestation.php unrestricted upload — Smart S80 Management Platform | 4.7 | Medium | 2024-04-09 |
| CVE-2024-2334 | Template Kit – Import <= 1.0.14 - Authenticated(Author+) Stored Cross-Site Scripting via template upload — Template Kit – Import | 6.4 | Medium | 2024-04-09 |
| CVE-2024-2125 | EnvíaloSimple: Email Marketing y Newsletters <= 2.3 - Cross-Site Request Forgery to Arbitrary File Upload — EnvíaloSimple: Email Marketing y Newsletters | 8.8 | High | 2024-04-09 |
| CVE-2024-31454 | PsiTransfer file integrity violation vulnerability — psitransfer | 6.5 | Medium | 2024-04-09 |
| CVE-2024-31453 | PsiTransfer vulnerable to violation of the integrity of file distribution — psitransfer | 6.5 | Medium | 2024-04-09 |
| CVE-2024-3444 | Wangshen SecGate 3600 ?g=net_pro_keyword_import_save unrestricted upload — SecGate 3600 | 4.7 | Medium | 2024-04-08 |
| CVE-2024-3437 | SourceCodester Prison Management System Avatar add-admin.php unrestricted upload — Prison Management System | 7.3 | High | 2024-04-08 |
| CVE-2024-3436 | SourceCodester Prison Management System Avatar edit-photo.php unrestricted upload — Prison Management System | 6.3 | Medium | 2024-04-07 |
| CVE-2024-31280 | WordPress Church Admin plugin <= 4.1.5 - Arbitrary File Upload vulnerability — Church Admin | 7.2 (AI) | High (AI) | 2024-04-07 |
| CVE-2024-31286 | WordPress WP Photo Album Plus plugin < 8.6.03.005 - Arbitrary File Upload vulnerability — WP Photo Album Plus | 9.9 | Critical | 2024-04-07 |
| CVE-2024-31292 | WordPress Import XML and RSS Feeds plugin <= 2.1.5 - Arbitrary File Upload vulnerability — Import XML and RSS Feeds | 7.2 | High | 2024-04-07 |
| CVE-2024-31345 | WordPress Auto Poster plugin <= 1.2 - Arbitrary File Upload vulnerability — Auto Poster | 9.1 | Critical | 2024-04-07 |
| CVE-2024-3369 | code-projects Car Rental add-vehicle.php unrestricted upload — Car Rental | 6.3 | Medium | 2024-04-06 |
| CVE-2024-31210 | PHP file upload bypass via Plugin installer — wordpress-develop | 7.7 | High | 2024-04-04 |
| CVE-2024-3022 | BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload — Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | 7.2 | High | 2024-04-04 |
| CVE-2024-27951 | WordPress Multiple Page Generator Plugin <= 3.4.0 - Auth. Remote Code Execution (RCE) vulnerability — Multiple Page Generator Plugin – MPG | 9.1 | Critical | 2024-04-03 |
| CVE-2024-3129 | SourceCodester Image Accordion Gallery App add-image.php unrestricted upload — Image Accordion Gallery App | 6.3 | Medium | 2024-04-01 |
| CVE-2024-30533 | WordPress Layouts for Elementor plugin < 1.8 - Arbitrary File Upload vulnerability — Layouts for Elementor | 7.5 | High | 2024-03-31 |
| CVE-2024-31114 | WordPress Shortcode Addons <= 3.2.5 - Arbitrary File Upload vulnerability — Shortcode Addons | 9.1 | Critical | 2024-03-31 |
| CVE-2024-31115 | WordPress Chauffeur Taxi Booking System for WordPress plugin <= 7.2 - Arbitrary File Upload vulnerability — Chauffeur Taxi Booking System for WordPress | 10.0 | Critical | 2024-03-31 |
| CVE-2024-3117 | YouDianCMS ChannelAction.class.php unrestricted upload — YouDianCMS | 4.7 | Medium | 2024-03-31 |
| CVE-2024-30510 | WordPress Salon booking system plugin <= 9.5 - Arbitrary File Upload vulnerability — Salon booking system | 10.0 | Critical | 2024-03-29 |
| CVE-2024-30500 | WordPress CubeWP plugin <= 1.1.12 - Arbitrary File Upload vulnerability — CubeWP – All-in-One Dynamic Content Framework | 9.9 | Critical | 2024-03-29 |
| CVE-2024-2890 | WordPress Tumult Hype Animations plugin <= 1.9.12 - Arbitrary File Upload vulnerability — Tumult Hype Animations | 9.1 | Critical | 2024-03-28 |
| CVE-2024-29100 | WordPress AI Engine plugin <= 2.1.4 - Arbitrary File Upload vulnerability — AI Engine: ChatGPT Chatbot | 9.1 | Critical | 2024-03-28 |
| CVE-2024-29891 | ZITADEL Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass — zitadel | 8.7 | High | 2024-03-27 |
| CVE-2023-49815 | WordPress WappPress plugin <= 5.0.3 - Unauthenticated Arbitrary File Upload vulnerability — WappPress | 10.0 | Critical | 2024-03-27 |
| CVE-2024-1532 | Hitachi Energy RTU500 security vulnerability — RTU500 series CMU firmware | 6.8 | Medium | 2024-03-27 |
| CVE-2024-1531 | Hitachi Energy RTU500 security vulnerability — RTU500 series CMU firmware | 8.2 | High | 2024-03-27 |
| CVE-2024-2930 | SourceCodester Music Gallery Site unrestricted upload — Music Gallery Site | 7.3 | High | 2024-03-26 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) account for 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.