CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2016

2016 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-23155 | Dell Wyse Management Suite Code Issue Vulnerability — Wyse Management Suite | 7.2 | High | 2022-04-01 |
| CVE-2022-0499 | Sermon Browser <= 0.45.22 - Arbitrary File Upload via CSRF — Sermon Browser | 8.8 | - | 2022-03-28 |
| CVE-2022-0888 | Ninja Forms - File Uploads Extension <= 3.3.0 - Arbitrary File Upload — Ninja Forms - File Uploads | 9.8 | Critical | 2022-03-23 |
| CVE-2021-27428 | GE UR family Unrestricted Upload of File with Dangerous Type — UR family | 9.8 | Critical | 2022-03-23 |
| CVE-2022-1033 | Unrestricted Upload of File with Dangerous Type in crater-invoice/crater — crater-invoice/crater | 6.7 | - | 2022-03-23 |
| CVE-2022-1034 | There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in star7th/showdoc — star7th/showdoc | 7.2 | - | 2022-03-22 |
| CVE-2022-0687 | Amelia < 1.0.46 - Manager+ RCE — Amelia – Events & Appointments Booking Calendar | 8.8 | - | 2022-03-21 |
| CVE-2022-0959 | pgAdmin Code Issue Vulnerability — pgadmin | 7.5 | - | 2022-03-16 |
| CVE-2022-0951 | File Upload Restriction Bypass leading to Stored XSS Vulnerability in star7th/showdoc — star7th/showdoc | 5.4 | - | 2022-03-15 |
| CVE-2022-0950 | Unrestricted Upload of File with Dangerous Type in star7th/showdoc — star7th/showdoc | 8.7 | - | 2022-03-15 |
| CVE-2022-0945 | Stored XSS viva axd and cshtml file upload in star7th/showdoc in star7th/showdoc — star7th/showdoc | 5.4 | - | 2022-03-15 |
| CVE-2022-0962 | Stored XSS viva .webma file upload in star7th/showdoc — star7th/showdoc | 5.4 | - | 2022-03-14 |
| CVE-2022-0960 | Stored XSS viva .properties file upload in star7th/showdoc — star7th/showdoc | 5.4 | - | 2022-03-14 |
| CVE-2022-24387 | File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010 — SmarterTrack | 9.1 | Critical | 2022-03-14 |
| CVE-2022-0930 | File upload filter bypass leading to stored XSS in microweber/microweber — microweber/microweber | 4.8 | - | 2022-03-12 |
| CVE-2022-0912 | Unrestricted Upload of File with Dangerous Type in microweber/microweber — microweber/microweber | 8.7 | - | 2022-03-11 |
| CVE-2022-0440 | Catch Themes Demo Import < 2.1.1 - Admin+ Remote Code Execution — Catch Themes Demo Import | 7.2 | - | 2022-03-07 |
| CVE-2021-24960 | WordPress File Upload < 4.16.3 - Contributor+ Stored Cross-Site Scripting via Malicious SVG — WordPress File Upload | 5.4 | - | 2022-03-07 |
| CVE-2021-24216 | All-in-One WP Migration < 7.41 - Admin+ Arbitrary File Upload to RCE — All-in-One WP Migration | 7.2 | - | 2022-03-07 |
| CVE-2022-0409 | Unrestricted Upload of File with Dangerous Type in star7th/showdoc — star7th/showdoc | 8.0 | - | 2022-02-19 |
| CVE-2021-22803 | Schneider Electric IGSS Code Issue Vulnerability — Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) | 9.8 | - | 2022-02-11 |
| CVE-2021-37194 | Siemens Comos Code Issue Vulnerability — COMOS V10.2 | 6.5 | - | 2022-02-09 |
| CVE-2022-0472 | Unrestricted Upload of File with Dangerous Type in jsdecena/laracom — jsdecena/laracom | 9.9 | - | 2022-02-04 |
| CVE-2022-23026 | F5 BIG-IP Code Issue Vulnerability — BIG-IP ASM & Advanced WAF | 4.3 | - | 2022-01-25 |
| CVE-2022-0263 | Unrestricted Upload of File with Dangerous Type in pimcore/pimcore — pimcore/pimcore | 8.8 | - | 2022-01-18 |
| CVE-2022-0242 | Unrestricted Upload of File with Dangerous Type in crater-invoice/crater — crater-invoice/crater | 6.7 | - | 2022-01-17 |
| CVE-2021-34997 | Commvault CommCell Code Issue Vulnerability — CommCell | 8.8 | - | 2022-01-13 |
| CVE-2021-34995 | Commvault CommCell Code Issue Vulnerability — CommCell | 8.8 | - | 2022-01-13 |
| CVE-2021-4080 | Unrestricted Upload of File with Dangerous Type in crater-invoice/crater — crater-invoice/crater | 7.2 | - | 2022-01-12 |
| CVE-2021-24981 | Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload — Directorist – Business Directory Plugin | 8.8 | - | 2021-12-21 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2016 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.