CWE-434 (危险类型文件的不加限制上传) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2023-28699	WADE DIGITAL DESIGN CO, LTD. FANTSY - Arbitrary File Upload — FANTSY	8.8	High	2023-06-02
CVE-2014-125104	VaultPress Plugin MailPoet Plugin class.vaultpress-hotfixes.php protect_aioseo_ajax unrestricted upload — VaultPress Plugin	6.3	Medium	2023-06-01
CVE-2023-32689	Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file — parse-server	6.3	Medium	2023-05-30
CVE-2023-2924	Supcon SimField reportupload.aspx unrestricted upload — SimField	4.7	Medium	2023-05-27
CVE-2023-2888	PHPOK unrestricted upload — PHPOK	4.7	Medium	2023-05-25
CVE-2023-2712	Malicious File Upload vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform. — Rental Module	9.8	Critical	2023-05-20
CVE-2023-2776	code-projects Simple Photo Gallery unrestricted upload — Simple Photo Gallery	6.3	Medium	2023-05-17
CVE-2023-2738	Tongda OA GatewayController.php actionGetdata unrestricted upload — OA	6.3	Medium	2023-05-16
CVE-2023-2648	Weaver E-Office uploadify.php unrestricted upload — E-Office	6.3	Medium	2023-05-11
CVE-2023-28128	Ivanti Avalanche 代码问题漏洞 — Avalanche	8.1	-	2023-05-09
CVE-2023-2523	Weaver E-Office unrestricted upload — E-Office	7.3	High	2023-05-04
CVE-2022-45802	Apache StreamPark (incubating): Upload any file to any directory — Apache StreamPark (incubating)	8.1	-	2023-05-01
CVE-2023-2424	DedeCMS config.php UpDateMemberModCache unrestricted upload — DedeCMS	6.3	Medium	2023-04-29
CVE-2023-2419	Zhong Bang CRMEB SystemAttachmentServices.php videoUpload unrestricted upload — CRMEB	4.7	Medium	2023-04-29
CVE-2023-30613	Kiwi TCMS unrestricted file upload vulnerability — Kiwi	8.1	High	2023-04-24
CVE-2023-1731	Improper Input Validation in Meinberg LTOS — LTOS	7.2	High	2023-04-24
CVE-2023-25132	Unrestricted upload of file with dangerous type vulnerability in CyberPower PowerPanel Business — PowerPanel Business Local / Remote	9.1	Critical	2023-04-24
CVE-2023-2246	SourceCodester Online Pizza Ordering System unrestricted upload — Online Pizza Ordering System	6.3	Medium	2023-04-23
CVE-2023-2245	hansunCMS unrestricted upload — hansunCMS	6.3	Medium	2023-04-22
CVE-2023-2034	Unrestricted Upload of File with Dangerous Type in froxlor/froxlor — froxlor/froxlor	9.9	-	2023-04-14
CVE-2023-1970	yuan1994 tpAdmin Upload.php Upload unrestricted upload — tpAdmin	6.3	Medium	2023-04-10
CVE-2023-27602	Apache Linkis publicsercice module unrestricted upload of file — Apache Linkis	9.8	-	2023-04-10
CVE-2023-1942	SourceCodester Online Computer and Laptop Store Avatar unrestricted upload — Online Computer and Laptop Store	6.3	Medium	2023-04-07
CVE-2023-20073	Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability — Cisco Small Business RV Series Router Firmware	5.3	Medium	2023-04-05
CVE-2023-1826	SourceCodester Online Computer and Laptop Store index.php unrestricted upload — Online Computer and Laptop Store	6.3	Medium	2023-04-04
CVE-2023-1728	Unrestricted Upload of File with Dangerous Type in Fernus LMS — LMS	9.8	Critical	2023-04-04
CVE-2023-1797	OTCMS unrestricted upload — OTCMS	6.3	Medium	2023-04-02
CVE-2023-1744	IBOS htaccess unrestricted upload — IBOS	6.3	Medium	2023-03-30
CVE-2023-1739	SourceCodester Simple and Beautiful Shopping Cart System upload.php unrestricted upload — Simple and Beautiful Shopping Cart System	6.3	Medium	2023-03-30
CVE-2023-1734	SourceCodester Young Entrepreneur E-Negosyo System unrestricted upload — Young Entrepreneur E-Negosyo System	7.3	High	2023-03-30

Vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-434 (危险类型文件的不加限制上传) — Vulnerability Class 2018