CWE-434 (危险类型文件的不加限制上传) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-2406	Gacjie Server Upload.php index unrestricted upload — Server	5.4	Medium	2024-03-12
CVE-2023-30968	Stored XSS in gaia — com.palantir.acme.gaia:gaia	6.8	Medium	2024-03-12
CVE-2024-1527	Unrestricted Upload of File with Dangerous Type in CMS Made Simple — CMS Made Simple	9.8	Critical	2024-03-12
CVE-2024-2394	SourceCodester Employee Management System add-admin.php unrestricted upload — Employee Management System	4.7	Medium	2024-03-12
CVE-2024-25994	PHOENIX CONTACT: Unintended script file upload in CHARX Series — CHARX SEC-3000	5.3	Medium	2024-03-12
CVE-2024-2268	keerti1924 Online-Book-Store-Website unrestricted upload — Online-Book-Store-Website	4.7	Medium	2024-03-07
CVE-2024-1986	Elite Booster for WooCommerce <= 7.1.7 - Authenticated (Subscriber+) Arbitrary File Upload — Booster Elite for WooCommerce	8.8	High	2024-03-07
CVE-2023-45595	AiLux imx6 安全漏洞 — imx6 bundle	5.9	Medium	2024-03-05
CVE-2024-2148	SourceCodester Online Mobile Management Store Users.php unrestricted upload — Online Mobile Management Store	6.3	Medium	2024-03-03
CVE-2024-2059	SourceCodester Petrol Pump Management Software service_crud.php unrestricted upload — Petrol Pump Management Software	4.7	Medium	2024-03-01
CVE-2024-2058	SourceCodester Petrol Pump Management Software product.php unrestricted upload — Petrol Pump Management Software	4.7	Medium	2024-03-01
CVE-2024-0864	RCE in Laragon — Laragon	9.8	-	2024-02-29
CVE-2023-6090	WordPress Mollie Payments for WooCommerce Plugin <= 7.3.11 is vulnerable to Arbitrary File Upload — Mollie Payments for WooCommerce	9.1	Critical	2024-02-29
CVE-2024-1468	Avada \| Website Builder For WordPress & WooCommerce <= 7.11.4 - Authenticated (Contributor+) Arbitrary File Upload — Avada \| Website Builder For WordPress & WooCommerce	8.8	High	2024-02-29
CVE-2023-25921	IBM Security Guardium Key Lifecycle Manager file upload — Security Guardium Key Lifecycle Manager	8.5	High	2024-02-29
CVE-2023-25922	IBM Security Guardium Key Lifecycle Manager file upload — Security Guardium Key Lifecycle Manager	4.3	Medium	2024-02-28
CVE-2024-1932	Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout — freescout-helpdesk/freescout	8.8	-	2024-02-28
CVE-2024-1925	Ctcms Upsys.php unrestricted upload — Ctcms	5.0	Medium	2024-02-27
CVE-2024-1921	osuuu LightPicture Setup.php unrestricted upload — LightPicture	4.7	Medium	2024-02-27
CVE-2024-1918	Byzoro Smart S42 Management Platform userattestation.php unrestricted upload — Smart S42 Management Platform	4.7	Medium	2024-02-27
CVE-2024-24714	WordPress Icons Font Loader Plugin <= 1.1.4 is vulnerable to Arbitrary File Upload — Icons Font Loader	7.2	High	2024-02-26
CVE-2024-25909	WordPress WP Media folder Plugin <= 5.7.2 is vulnerable to Arbitrary File Upload — WP Media folder	9.9	Critical	2024-02-26
CVE-2024-25913	WordPress MoveTo Plugin <= 6.2 is vulnerable to Arbitrary File Upload — MoveTo	10.0	Critical	2024-02-26
CVE-2024-25925	WordPress WooCommerce Easy Checkout Field Editor, Fees & Discounts Plugin <= 3.5.12 is vulnerable to Arbitrary File Upload — WooCommerce Easy Checkout Field Editor, Fees & Discounts	10.0	Critical	2024-02-26
CVE-2024-1875	SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php unrestricted upload — Complaint Management System	6.3	Medium	2024-02-25
CVE-2024-1819	CodeAstro Membership Management System Add Members Tab unrestricted upload — Membership Management System	4.7	Medium	2024-02-23
CVE-2024-1818	CodeAstro Membership Management System Logo unrestricted upload — Membership Management System	4.7	Medium	2024-02-23
CVE-2024-22393	Apache Answer: Pixel Flood Attack by uploading the large pixel file — Apache Answer	6.5	-	2024-02-22
CVE-2024-1644	Suite CRM v7.14.2 - RCE via Local File Inclusion — Suite CRM	9.9	Critical	2024-02-19
CVE-2024-25636	Lack of media type verification of Activity Streams objects allows impersonation and takeover of remote accounts — misskey	7.1	High	2024-02-19

Vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-434 (危险类型文件的不加限制上传) — Vulnerability Class 2018