CWE-434 (危险类型文件的不加限制上传) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-25623	Lack of media type verification of Activity Streams objects allows impersonation of remote accounts — mastodon	8.5	High	2024-02-19
CVE-2022-42443	Trusteer for mobile file upload — Trusteer iOS SDK	2.2	Low	2024-02-17
CVE-2024-22426	Dell RecoverPoint for Virtual Machines 代码问题漏洞 — RecoverPoint for VMs	7.2	High	2024-02-16
CVE-2024-23811	Siemens SINEC NMS 代码问题漏洞 — SINEC NMS	8.8	High	2024-02-13
CVE-2023-50386	Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets — Apache Solr	9.8	-	2024-02-09
CVE-2024-1268	CodeAstro Restaurant POS System update_product.php unrestricted upload — Restaurant POS System	6.3	Medium	2024-02-07
CVE-2024-1264	Juanpao JPShop UploadsController.php actionUpdate unrestricted upload — JPShop	6.3	Medium	2024-02-06
CVE-2024-1263	Juanpao JPShop API PosterController.php actionUpdate unrestricted upload — JPShop	6.3	Medium	2024-02-06
CVE-2024-1262	Juanpao JPShop API MaterialController.php actionUpdate unrestricted upload — JPShop	6.3	Medium	2024-02-06
CVE-2024-1261	Juanpao JPShop API ComboController.php actionIndex unrestricted upload — JPShop	6.3	Medium	2024-02-06
CVE-2024-1260	Juanpao JPShop API ComboController.php actionIndex unrestricted upload — JPShop	6.3	Medium	2024-02-06
CVE-2024-1259	Juanpao JPShop API AppController.php unrestricted upload — JPShop	6.3	Medium	2024-02-06
CVE-2024-1253	Byzoro Smart S40 Management Platform Import web.php unrestricted upload — Smart S40 Management Platform	4.7	Medium	2024-02-06
CVE-2023-6925	Unlimited Addons for WPBakery Page Builder <= 1.0.42 - Authenticated (Editor+) Arbitrary File Upload — Unlimited Addons for WPBakery Page Builder	7.2	High	2024-02-05
CVE-2023-6635	EditorsKit <= 1.40.3 - Authenticated (Administrator+) Arbitrary File Upload — Gutenberg Block Editor Toolkit – EditorsKit	7.2	High	2024-02-05
CVE-2024-0699	AI Engine <= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url — AI Engine – The Chatbot, AI Framework & MCP for WordPress	6.6	Medium	2024-02-05
CVE-2023-6675	Malicious File Upload in National Keep's CyberMath — CyberMath	9.8	Critical	2024-02-02
CVE-2024-1116	openBI Upload.php index unrestricted upload — openBI	7.3	High	2024-01-31
CVE-2024-1113	openBI Unity.php uploadUnity unrestricted upload — openBI	6.3	Medium	2024-01-31
CVE-2024-1069	Contact Form Entries <= 1.3.2 - Authenticated (Administrator+) Arbitrary File Upload — Database for Contact Form 7, WPforms, Elementor forms	7.2	High	2024-01-31
CVE-2024-1036	openBI Icon Screen.php uploadIcon unrestricted upload — openBI	7.3	High	2024-01-30
CVE-2024-1035	openBI Icon.php uploadIcon unrestricted upload — openBI	7.3	High	2024-01-30
CVE-2024-1034	openBI File.php uploadFile unrestricted upload — openBI	7.3	High	2024-01-30
CVE-2024-1027	SourceCodester Facebook News Feed Like Post unrestricted upload — Facebook News Feed Like	6.3	Medium	2024-01-30
CVE-2024-1008	SourceCodester Employee Management System Profile Page edit-photo.php unrestricted upload — Employee Management System	4.7	Medium	2024-01-29
CVE-2024-0939	Byzoro Smart S210 Management Platform uploadfile.php unrestricted upload — Smart S210 Management Platform	6.3	Medium	2024-01-26
CVE-2024-0933	Niushop B2B2C Upload.php unrestricted upload — B2B2C	6.3	Medium	2024-01-26
CVE-2024-23630	Motorola MR2600 Arbitrary Firmware Upload Vulnerability — MR2600	9.0	Critical	2024-01-25
CVE-2023-52221	WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.5.1 is vulnerable to Arbitrary File Upload — Barcode Scanner and Inventory manager	10.0	Critical	2024-01-24
CVE-2024-22135	WordPress Order Export & Order Import for WooCommerce Plugin <= 2.4.3 is vulnerable to Arbitrary File Upload — Order Export & Order Import for WooCommerce	8.0	High	2024-01-24

Vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-434 (危险类型文件的不加限制上传) — Vulnerability Class 2018