CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-0783 | EcShop PHP File template.php unrestricted upload — EcShop | 4.7 | Medium | 2023-02-11 |
| CVE-2023-23937 | Missing file upload type validation in pimcore/pimcore — pimcore | 8.2 | High | 2023-02-03 |
| CVE-2023-0651 | FastCMS Template Management unrestricted upload — FastCMS | 6.3 | Medium | 2023-02-02 |
| CVE-2022-42971 | Schneider Electric Easy UPS Online Monitoring Software code issue vulnerability — APC Easy UPS Online Monitoring Software | 9.8 | Critical | 2023-02-01 |
| CVE-2022-43979 | Path Traversal leading to Local File Inclusion — Pandora FMS | 5.9 | Medium | 2023-01-27 |
| CVE-2023-0455 | Unrestricted Upload of File with Dangerous Type in unilogies/bumsys — unilogies/bumsys | 8.1 | - | 2023-01-26 |
| CVE-2023-22726 | Unrestricted file upload leading to privilege escalation in act — act | 8.0 | High | 2023-01-20 |
| CVE-2023-23607 | Unrestricted file upload leads to Remote Code Execution in erohtar/Dasherr — Dasherr | 9.8 | Critical | 2023-01-20 |
| CVE-2021-26642 | XpressEngine file upload vulnerability — XE3 XpresesEngine | 8.8 | High | 2023-01-20 |
| CVE-2022-46660 | Proficy Historian code issue vulnerability — Proficy Historian | 7.5 | High | 2023-01-17 |
| CVE-2023-0257 | SourceCodester Online Food Ordering System Menu Form unrestricted upload — Online Food Ordering System | 4.7 | Medium | 2023-01-12 |
| CVE-2022-43436 | HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - Arbitrary File Upload — EasyTest | 8.8 | High | 2023-01-03 |
| CVE-2022-4732 | Unrestricted Upload of File with Dangerous Type in microweber/microweber — microweber/microweber | 8.7 | - | 2022-12-24 |
| CVE-2022-4665 | Unrestricted Upload of File with Dangerous Type in ampache/ampache — ampache/ampache | 8.0 | - | 2022-12-23 |
| CVE-2022-4506 | Unrestricted Upload of File with Dangerous Type in openemr/openemr — openemr/openemr | 7.2 | - | 2022-12-15 |
| CVE-2022-41267 | SAP Business Objects code issue vulnerability — BusinessObjects Business Intelligence Platform | 9.9 | Critical | 2022-12-13 |
| CVE-2022-45359 | WordPress YITH WooCommerce Gift Cards Premium Plugin <= 3.19.0 is vulnerable to Arbitrary File Upload — YITH WooCommerce Gift Cards | 9.8 | Critical | 2022-12-06 |
| CVE-2022-38140 | WordPress SEO Plugin by Squirrly SEO Plugin <= 12.1.10 is vulnerable to Arbitrary File Upload — SEO Plugin by Squirrly SEO (WordPress plugin) | 7.6 | High | 2022-11-28 |
| CVE-2022-2791 | Emerson Proficy Machine Edition code issue vulnerability — Proficy Machine Edition | 5.9 | Medium | 2022-11-22 |
| CVE-2022-42698 | WordPress Api2Cart Bridge Connector plugin <= 1.1.0 - Arbitrary File Upload vulnerability — Api2Cart Bridge Connector (WordPress plugin) | 9.8 | Critical | 2022-11-18 |
| CVE-2022-40981 | ETIC Telecom Remote Access Server Unrestricted Upload of File with Dangerous Type — Remote Access Server (RAS) | 5.9 | Medium | 2022-11-10 |
| CVE-2022-39036 | FLOWRING Agentflow BPM - Arbitrary File Upload — Agentflow BPM | 9.8 | Critical | 2022-11-10 |
| CVE-2022-3537 | Role Based Pricing for WooCommerce < 1.6.2 - Subscriber+ Arbitrary File Upload — Role Based Pricing for WooCommerce | 8.8 | - | 2022-11-07 |
| CVE-2022-3575 | Frauscher Sensortechnik Diagnostic System FDS102 for FAdC R2 and FAdCi R2 configuration upload vulnerability — Diagnostic System FDS102 | 9.8 | Critical | 2022-11-02 |
| CVE-2022-41681 | File Upload vulnerability in Forma LMS — Forma LMS | 9.9 | Critical | 2022-10-31 |
| CVE-2022-42925 | Unrestricted Upload of File with Dangerous Type in Forma LMS — Forma LMS | 9.9 | Critical | 2022-10-31 |
| CVE-2021-38397 | Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type — Experion PKS | 10.0 | Critical | 2022-10-28 |
| CVE-2022-33859 | Unrestricted file upload in Eaton Foreseer EPMS — Foreseer EPMS | 8.1 | High | 2022-10-28 |
| CVE-2022-39305 | Gin-vue-admin vulnerable to Unrestricted Upload of File with Dangerous Type — gin-vue-admin | 9.8 | Critical | 2022-10-24 |
| CVE-2020-8974 | ZGR TPS200 NG Missing Reference to Active Allocated Resource — ZGR TPS200 NG | 10.0 | Critical | 2022-10-17 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) account for 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.