CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-5822 | Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload — Drag and Drop Multiple File Upload for Contact Form 7 | 8.1 | High | 2023-11-22 |
| CVE-2023-6187 | Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload — Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | 7.5 | High | 2023-11-18 |
| CVE-2023-39548 | NEC Corporation CLUSTERPRO security vulnerability — CLUSTERPRO X (EXPRESSCLUSTER X) | 8.8 | - | 2023-11-17 |
| CVE-2023-6133 | Forminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File Upload — Forminator Forms – Contact Form, Payment Form & Custom Form Builder | 6.6 | Medium | 2023-11-15 |
| CVE-2023-6127 | Unrestricted Upload of File with Dangerous Type in salesagility/suitecrm — salesagility/suitecrm | 8.8 | - | 2023-11-14 |
| CVE-2023-47621 | Remote code execution via file uploads in guest-entries — guest-entries | 8.8 | High | 2023-11-13 |
| CVE-2023-6102 | Maiwei Safety Production Control Platform unrestricted upload — Safety Production Control Platform | 5.3 | Medium | 2023-11-13 |
| CVE-2023-47129 | Statamic CMS remote code execution via front-end form uploads — cms | 8.4 | High | 2023-11-10 |
| CVE-2023-42659 | WS_FTP Server Arbitrary File Upload — WS_FTP Server | 9.1 | Critical | 2023-11-07 |
| CVE-2023-41357 | Galaxy Software Services Vitals ESP - Arbitrary File Upload — Vitals ESP | 8.8 | High | 2023-11-03 |
| CVE-2023-5919 | SourceCodester Company Website CMS Create Blog Page createblog unrestricted upload — Company Website CMS | 4.7 | Medium | 2023-11-02 |
| CVE-2023-5860 | Icons Font Loader <= 1.1.2 - Authenticated (Administrator+) Arbitrary File Upload — Icons Font Loader – Load Web Fonts and Icon Libraries | 7.2 | High | 2023-11-02 |
| CVE-2023-20196 | Cisco Identity Services Engine security vulnerability — Cisco Identity Services Engine Software | 4.7 | Medium | 2023-11-01 |
| CVE-2023-20195 | Cisco Identity Services Engine security vulnerability — Cisco Identity Services Engine Software | 4.7 | Medium | 2023-11-01 |
| CVE-2023-1720 | Bitrix24 Stored Cross-Site Scripting (XSS) via File Upload — Bitrix24 | 9.6 | Critical | 2023-11-01 |
| CVE-2023-1713 | Bitrix24 Remote Command Execution (RCE) via Insecure Temporary File Creation — Bitrix24 | 8.8 | High | 2023-11-01 |
| CVE-2023-42803 | BigBlueButton Unrestricted File Upload vulnerability — bigbluebutton | 5.3 | Medium | 2023-10-30 |
| CVE-2023-5829 | code-projects Admission Management System student_avatar.php unrestricted upload — Admission Management System | 6.3 | Medium | 2023-10-27 |
| CVE-2023-5812 | flusity CMS upload.php handleFileUpload unrestricted upload — CMS | 4.7 | Medium | 2023-10-27 |
| CVE-2023-5796 | CodeAstro POS System Logo setting unrestricted upload — POS System | 6.3 | Medium | 2023-10-26 |
| CVE-2023-5795 | CodeAstro POS System Profile Picture profil unrestricted upload — POS System | 6.3 | Medium | 2023-10-26 |
| CVE-2023-5790 | SourceCodester File Manager App add-file.php unrestricted upload — File Manager App | 6.3 | Medium | 2023-10-26 |
| CVE-2023-5524 | M-Files Web Companion allows Remote Code Execution for some filetypes — Web Companion | 8.2 | High | 2023-10-20 |
| CVE-2020-36706 | Simple:Press – WordPress Forum Plugin <= 6.6.0 - Arbitrary File Upload — Simple:Press Forum | 9.8 | Critical | 2023-10-20 |
| CVE-2023-34207 | Unrestricted Upload of File with Dangerous Type in EasyUse MailHunter Ultimate — MailHunter Ultimate | 9.9 | Critical | 2023-10-17 |
| CVE-2022-22375 | IBM Security Verify Privilege command execution — Security Verify Privilege | 7.2 | High | 2023-10-17 |
| CVE-2011-10004 | reciply Plugin uploadImage.php unrestricted upload — reciply Plugin | 6.3 | Medium | 2023-10-16 |
| CVE-2023-35018 | IBM Security Verify Governance file upload — Security Verify Governance | 3.3 | Low | 2023-10-15 |
| CVE-2023-5493 | Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform web.php unrestricted upload — Smart S45F Multi-Service Secure Gateway Intelligent Management Platform | 6.3 | Medium | 2023-10-10 |
| CVE-2023-5492 | Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform licence.php unrestricted upload — Smart S45F Multi-Service Secure Gateway Intelligent Management Platform | 6.3 | Medium | 2023-10-10 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.