CWE-434 (危险类型文件的不加限制上传) — Vulnerability Class 2017

2017 vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2022-3552	Unrestricted Upload of File with Dangerous Type in boxbilling/boxbilling — boxbilling/boxbilling	9.9	-	2022-10-17
CVE-2022-32177	Gin-vue-admin - Unrestricted File Upload — gin-vue-admin	9.0	-	2022-10-14
CVE-2022-3125	Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload — Frontend File Manager Plugin	8.8	-	2022-10-03
CVE-2022-36066	Discourse vulnerable to RCE via admins uploading maliciously zipped file — discourse	9.1	Critical	2022-09-29
CVE-2022-3076	CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload — CM Download Manager	7.2	-	2022-09-26
CVE-2022-2872	Unrestricted Upload of File with Dangerous Type in octoprint/octoprint — octoprint/octoprint	9.1	-	2022-09-21
CVE-2022-3129	codeprojects Online Driving School registration.php unrestricted upload — Online Driving School	6.3	Medium	2022-09-07
CVE-2022-36285	WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability — Uploading SVG, WEBP and ICO files (WordPress plugin)	7.2	High	2022-08-23
CVE-2022-2594	Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload — Advanced Custom Fields	7.5	-	2022-08-22
CVE-2022-2909	SourceCodester Simple and Nice Shopping Cart Script profile.php unrestricted upload — Simple and Nice Shopping Cart Script	6.3	Medium	2022-08-20
CVE-2022-2180	GREYD.SUITE < 1.2.7 - Unauthenticated File Upload to RCE — greyd_suite	9.8	-	2022-08-15
CVE-2022-2804	SourceCodester Zoo Management System apply_vacancy.php unrestricted upload — Zoo Management System	6.3	Medium	2022-08-12
CVE-2022-2779	SourceCodester Gas Agency Management System oneWord.php unrestricted upload — Gas Agency Management System	6.3	Medium	2022-08-12
CVE-2022-2751	SourceCodester Company Website CMS add-portfolio.php unrestricted upload — Company Website CMS	6.3	Medium	2022-08-11
CVE-2022-2750	SourceCodester Company Website CMS Add Service add-service.php unrestricted upload — Company Website CMS	6.3	Medium	2022-08-11
CVE-2022-2749	SourceCodester Gym Management System unrestricted upload — Gym Management System	4.7	Medium	2022-08-11
CVE-2022-2746	SourceCodester Simple Online Book Store System Admin_ add.php unrestricted upload — Simple Online Book Store System	6.3	Medium	2022-08-11
CVE-2022-2744	SourceCodester Gym Management System Background Management add_exercises.php unrestricted upload — Gym Management System	6.3	Medium	2022-08-11
CVE-2022-2740	SourceCodester Company Website CMS Add Blog add-blog.php unrestricted upload — Company Website CMS	6.3	Medium	2022-08-11
CVE-2022-2736	SourceCodester Company Website CMS Background Upload Logo Icon updatelogo.php unrestricted upload — Company Website CMS	6.3	Medium	2022-08-11
CVE-2022-2356	User Private Files < 1.1.3 - Subscriber+ Arbitrary File Upload — Frontend File Manager & Sharing – User Private Files	8.8	-	2022-08-08
CVE-2022-2046	Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload — Directorist – WordPress Business Directory Plugin with Classified Ads Listings	6.5	-	2022-08-08
CVE-2022-2694	SourceCodester Company Website CMS unrestricted upload — Company Website CMS	6.3	Medium	2022-08-06
CVE-2022-2678	SourceCodester Alphaware Simple E-Commerce System Background Management Page admin_feature.php unrestricted upload — Alphaware Simple E-Commerce System	6.3	Medium	2022-08-05
CVE-2022-2647	jeecg-boot unrestricted upload — jeecg-boot	7.3	High	2022-08-04
CVE-2022-1565	Import any XML or CSV File to WordPress <= 3.6.7 - Admin+ Malicious File Upload — WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets	7.2	High	2022-07-18
CVE-2022-2420	URVE Web Manager uploader.php unrestricted upload — Web Manager	8.0	High	2022-07-15
CVE-2022-2419	URVE Web Manager upload.php unrestricted upload — Web Manager	8.0	High	2022-07-15
CVE-2022-2418	URVE Web Manager img_upload.php unrestricted upload — Web Manager	8.0	High	2022-07-15
CVE-2022-2297	SourceCodester Clinics Patient Management System unrestricted upload — Clinics Patient Management System	6.3	Medium	2022-07-12

Vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传) represent 2017 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-434 (危险类型文件的不加限制上传) — Vulnerability Class 2017