CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2023-6902 | codelyfe Stupid Simple CMS upload.php unrestricted upload — Stupid Simple CMS | 5.5 | Medium | 2023-12-17 |
| CVE-2023-6887 | saysky ForestBlog Image Upload img unrestricted upload — ForestBlog | 6.3 | Medium | 2023-12-17 |
| CVE-2023-6850 | kalcaddle KodExplorer API Endpoint unrestricted upload — KodExplorer | 6.3 | Medium | 2023-12-16 |
| CVE-2023-48394 | Kaifa Technology WebITR - Arbitrary File Upload — WebITR | 8.8 | High | 2023-12-15 |
| CVE-2023-48376 | SmartStar Software CWS Web-Base - Arbitrary File Upload — CWS Web-Base | 9.8 | Critical | 2023-12-15 |
| CVE-2023-6827 | Essential Real Estate <= 4.3.5 - Authenticated (Subscriber+) Arbitrary File Upload — Essential Real Estate | 7.5 | High | 2023-12-15 |
| CVE-2023-6826 | E2Pdf <= 1.20.25 - Authenticated (Administrator+) Arbitrary File Upload — E2Pdf – Export Pdf Tool for WordPress | 7.2 | High | 2023-12-15 |
| CVE-2023-48371 | ITPison OMICARD EDM 's SMS - Arbitrary File Upload — OMICARD EDM 's SMS | 9.8 | Critical | 2023-12-15 |
| CVE-2023-6794 | PAN-OS: File Upload Vulnerability in the Web Interface — PAN-OS | 5.5 | Medium | 2023-12-13 |
| CVE-2023-6723 | Unrestricted Upload of File with Dangerous Type in Repox — Repox | 10.0 | Critical | 2023-12-13 |
| CVE-2023-4122 | Student Information System v1.0 - Insecure File Upload — Student Information System | 9.9 | Critical | 2023-12-07 |
| CVE-2023-6576 | Byzoro S210 HTTP POST Request uploadfile.php unrestricted upload — S210 | 6.3 | Medium | 2023-12-07 |
| CVE-2023-6574 | Byzoro Smart S20 HTTP POST Request updateos.php unrestricted upload — Smart S20 | 6.3 | Medium | 2023-12-07 |
| CVE-2023-40460 | Improper input leads to DoS — ALEOS | 7.1 | High | 2023-12-04 |
| CVE-2023-5636 | Malicious File Upload in ArslanSoft's Education Portal — Education Portal | 9.8 | Critical | 2023-12-01 |
| CVE-2023-5637 | Plaintext Storage of a Password in ArslanSoft's Education Portal — Education Portal | 7.5 | High | 2023-12-01 |
| CVE-2023-6449 | Contact Form 7 <= 5.8.3 - Authenticated (Editor+) Arbitrary File Upload — Contact Form 7 | 6.6 | Medium | 2023-12-01 |
| CVE-2023-5966 | Unrestricted Upload of File with Dangerous Type in EspoCRM — EspoCRM | 4.7 | Medium | 2023-11-30 |
| CVE-2023-5965 | Unrestricted Upload of File with Dangerous Type in EspoCRM — EspoCRM | 4.7 | Medium | 2023-11-30 |
| CVE-2023-4225 | Chamilo LMS File Upload Functionality Remote Code Execution — Chamilo | 8.8 | High | 2023-11-28 |
| CVE-2023-4226 | Chamilo LMS File Upload Functionality Remote Code Execution — Chamilo | 8.8 | High | 2023-11-28 |
| CVE-2023-4224 | Chamilo LMS File Upload Functionality Remote Code Execution — Chamilo | 8.8 | High | 2023-11-28 |
| CVE-2023-4223 | Chamilo LMS File Upload Functionality Remote Code Execution — Chamilo | 8.8 | High | 2023-11-28 |
| CVE-2023-4220 | Chamilo LMS Unauthenticated Big Upload File Remote Code Execution — Chamilo | 8.1 | High | 2023-11-28 |
| CVE-2023-6219 | BookingPress <= 1.0.76 - Authenticated (Administrator+) Arbitrary File Upload — Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | 7.2 | High | 2023-11-28 |
| CVE-2023-41998 | Arcserve UDP Unauthenticated RCE — Arcserve UDP | 9.8 | Critical | 2023-11-27 |
| CVE-2023-6308 | Xiamen Four-Faith Video Surveillance Management System Apache Struts unrestricted upload — Video Surveillance Management System | 6.3 | Medium | 2023-11-27 |
| CVE-2023-6274 | Byzoro Smart S80 PHP File updatelib.php unrestricted upload — Smart S80 | 6.3 | Medium | 2023-11-24 |
| CVE-2023-41812 | Uploading executables via the file manager — Pandora FMS | 5.7 | Medium | 2023-11-23 |
| CVE-2023-41788 | Remote Code Execution via File Uploader — Pandora FMS | 7.6 | High | 2023-11-23 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) account for 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.