CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-3342 | User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 9.9 | Critical | 2023-07-13 |
| CVE-2023-34126 | SonicWALL Analytics and GMS code issue vulnerability — GMS | 8.8 | - | 2023-07-13 |
| CVE-2023-3626 | Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System UpLoadFloodPlanFile UpLoadFloodPlanFile.ashx unrestricted upload — Mountain Flood Disaster Prevention Monitoring and Early Warning System | 6.3 | Medium | 2023-07-11 |
| CVE-2023-3625 | Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System Duty Write-UploadFile UploadFile.ashx unrestricted upload — Mountain Flood Disaster Prevention Monitoring and Early Warning System | 6.3 | Medium | 2023-07-11 |
| CVE-2023-3623 | Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System Duty Module UploadHandler.ashx unrestricted upload — Mountain Flood Disaster Prevention Monitoring and Early Warning System | 6.3 | Medium | 2023-07-11 |
| CVE-2023-3504 | SmartWeb Infotech Job Board My Profile Page account unrestricted upload — Job Board | 6.3 | Medium | 2023-07-04 |
| CVE-2023-3503 | SourceCodester Shopping Website insert-product.php unrestricted upload — Shopping Website | 6.3 | Medium | 2023-07-04 |
| CVE-2023-3491 | Unrestricted Upload of File with Dangerous Type in fossbilling/fossbilling — fossbilling/fossbilling | 8.0 | - | 2023-06-30 |
| CVE-2023-1721 | Yoga Class Registration System 1.0 - RCE — Yoga Class Registration System | 9.1 | Critical | 2023-06-23 |
| CVE-2023-3295 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload — Unlimited Elements For Elementor | 8.8 | High | 2023-06-17 |
| CVE-2023-32753 | ITPison OMICARD EDM - Arbitrary File Upload — Contact ITPison | 9.8 | Critical | 2023-06-16 |
| CVE-2023-32752 | L7 Networks InstantScan & InstantQoS - Arbitrary File Upload — InstantScan | 9.8 | Critical | 2023-06-16 |
| CVE-2023-3274 | code-projects Supplier Management System Picture btn_functions.php unrestricted upload — Supplier Management System | 6.3 | Medium | 2023-06-15 |
| CVE-2022-33166 | IBM Security Directory Suite VA file upload — Security Directory Suite VA | 7.2 | High | 2023-06-15 |
| CVE-2023-3049 | File Upload in TMT's Lockcell — Lockcell | 9.8 | Critical | 2023-06-13 |
| CVE-2023-3187 | PHPGurukul Teachers Record Management System Profile Picture changeimage.php unrestricted upload — Teachers Record Management System | 6.3 | Medium | 2023-06-09 |
| CVE-2023-27881 | PTC Vuforia Studio Unrestricted Upload of File with Dangerous Type — Vuforia Studio | 8.0 | High | 2023-06-07 |
| CVE-2020-36705 | Adning Advertising <= 1.5.5 - Arbitrary File Upload — Adning Advertising | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4382 | Recently <= 3.0.4 - Arbitrary File Upload to Remote Code Execution — Recently | 8.8 | High | 2023-06-07 |
| CVE-2022-4949 | AdSanity < 1.8.2 - Authenticated Arbitrary File Upload — AdSanity | 8.8 | High | 2023-06-07 |
| CVE-2016-15033 | Delete All Comments <= 2.0 - Arbitrary File Upload — Delete All Comments | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4354 | PWA for WP & AMP <= 1.7.32 - Arbitrary File Upload — PWA for WP – Progressive Web Apps Made Simple | 8.8 | High | 2023-06-07 |
| CVE-2019-25138 | User Submitted Posts <= 20190312 - Unauthenticated Arbitrary File Upload — User Submitted Posts – Enable Users to Submit Posts from the Front End | 9.8 | Critical | 2023-06-07 |
| CVE-2020-36701 | Page Builder: KingComposer < 2.9.4 - Arbitrary File Upload — Page Builder: KingComposer – Free Drag and Drop page builder by King-Theme | 8.8 | High | 2023-06-07 |
| CVE-2023-22450 | Advantech WebAccess/SCADA code issue vulnerability — WebAccess/SCADA | 7.2 | High | 2023-06-05 |
| CVE-2023-32628 | Advantech WebAccess/SCADA code issue vulnerability — WebAccess/SCADA | 7.2 | High | 2023-06-05 |
| CVE-2023-3061 | code-projects Agro-School Management System Attachment Image btn_functions.php unrestricted upload — Agro-School Management System | 6.3 | Medium | 2023-06-02 |
| CVE-2023-3032 | Mobatime web application - Arbitrary file upload (RCE) — Mobatime web application | 8.1 | High | 2023-06-02 |
| CVE-2023-2063 | Information disclosure, tampering, deletion and destruction vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules — MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 | 6.3 | Medium | 2023-06-02 |
| CVE-2023-28700 | ITPison OMICARD EDM - Arbitrary File Upload — OMICARD EDM | 6.8 | Medium | 2023-06-02 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.