CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2017

2017 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-1952 | eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload — Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC | 9.8 | - | 2022-07-11 |
| CVE-2015-1784 | WordPress plugin nextgen-galery code issue vulnerability — nextgen-gallery | 8.8 | - | 2022-07-07 |
| CVE-2015-1785 | WordPress plugin nextgen-galery cross-site request forgery vulnerability — nextgen-gallery | 8.8 | - | 2022-07-07 |
| CVE-2022-2268 | WP All Import < 3.6.8 - Admin+ Arbitrary File Upload — Import any XML or CSV File to WordPress | 7.2 | - | 2022-07-04 |
| CVE-2022-2212 | SourceCodester Library Management System /card/index.php unrestricted upload — Library Management System | 6.3 | Medium | 2022-06-27 |
| CVE-2013-1916 | WordPress plugin User Photo code issue vulnerability — WordPress Plugin User Photo | 8.8 | - | 2022-06-24 |
| CVE-2022-1519 | Illumina Local Run Manager code issue vulnerability — NextSeq 550Dx | 10.0 | Critical | 2022-06-24 |
| CVE-2022-2128 | Unrestricted Upload of File with Dangerous Type in polonel/trudesk — polonel/trudesk | 8.0 | - | 2022-06-20 |
| CVE-2022-1939 | Allow SVG Files < 1.1 - Admin+ Arbitrary File Upload — Allow svg files | 7.2 | - | 2022-06-20 |
| CVE-2022-2111 | Unrestricted Upload of File with Dangerous Type in inventree/inventree — inventree/inventree | 8.8 | - | 2022-06-17 |
| CVE-2022-0863 | WP SVG Icons <= 3.2.3 - Admin+ Remote Code Execution (RCE) — WP SVG Icons | 7.2 | - | 2022-06-13 |
| CVE-2022-1837 | Home Clean Services Management System unrestricted upload — Home Clean Services Management System | 4.7 | Medium | 2022-05-24 |
| CVE-2022-1811 | Unrestricted Upload of File with Dangerous Type in publify/publify — publify/publify | 9.6 | - | 2022-05-23 |
| CVE-2022-1752 | Unrestricted Upload of File with Dangerous Type in polonel/trudesk — polonel/trudesk | 8.0 | - | 2022-05-21 |
| CVE-2022-1409 | VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ PHP File Upload — VikBooking Hotel Booking Engine & PMS | 7.2 | - | 2022-05-16 |
| CVE-2022-1103 | Advanced Uploader <= 4.2 - Subscriber+ Arbitrary File Upload — Advanced uploader | 8.8 | - | 2022-05-16 |
| CVE-2021-25119 | AGIL <= 1.0 - Admin+ Arbitrary File Upload — AGIL(Automatic Grid Image Listing) | 7.2 | - | 2022-05-16 |
| CVE-2021-33009 | mySCADA myPRO Unrestricted Upload of File with Dangerous Type — myPRO | 7.5 | High | 2022-05-13 |
| CVE-2021-27771 | HCL Sametime is susceptible a file transfer service vulnerability — Sametime | 8.2 | High | 2022-05-12 |
| CVE-2022-1411 | Unrestructed file upload in yetiforcecompany/yetiforcecrm — yetiforcecompany/yetiforcecrm | 7.6 | - | 2022-05-05 |
| CVE-2022-20743 | Cisco Firepower Management Center File Upload Security Bypass Vulnerability — Cisco Firepower Management Center | 6.5 | Medium | 2022-05-03 |
| CVE-2022-1273 | Import WP < 2.4.6 - Admin+ Arbitrary File Upload to RCE — Import WP – Import and Export WordPress data to XML or CSV files | 7.2 | - | 2022-05-02 |
| CVE-2021-43934 | Elcomplus SmartPtt Unrestricted Upload of File with Dangerous Type — SmartPTT | 9.8 | Critical | 2022-04-28 |
| CVE-2021-4225 | SP Project & Document Manager < 4.24 - Subscriber+ Shell Upload — SP Project & Document Manager | 8.8 | - | 2022-04-25 |
| CVE-2022-27862 | WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Arbitrary File Upload leading to RCE — VikBooking Hotel Booking Engine & PMS (WordPress plugin) | 9.8 | Critical | 2022-04-19 |
| CVE-2022-1345 | Stored XSS viva .svg file upload in causefx/organizr — causefx/organizr | 8.9 | - | 2022-04-13 |
| CVE-2022-1008 | One Click Demo Import < 3.1.0 - Admin+ Arbitrary File Upload — One Click Demo Import | 7.2 | - | 2022-04-11 |
| CVE-2022-1045 | Stored XSS viva .svg file upload in polonel/trudesk — polonel/trudesk | 5.4 | - | 2022-04-11 |
| CVE-2022-0537 | MapPress Maps for WordPress < 2.73.13 - Admin+ File Upload to Remote Code Execution — MapPress Maps for WordPress | 7.2 | - | 2022-04-04 |
| CVE-2022-0403 | Library File Manager < 5.2.3 - Subscriber+ Arbitrary File Creation/Upload/Deletion — Library File Manager | 8.1 | - | 2022-04-04 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2017 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.