CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-4080 | Unrestricted Upload of File with Dangerous Type in crater-invoice/crater — crater-invoice/crater | 7.2 | - | 2022-01-12 |
| CVE-2021-24981 | Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload — Directorist – Business Directory Plugin | 8.8 | - | 2021-12-21 |
| CVE-2021-44164 | Chain Sea Information Integration Co., Ltd ai chatbot system - Arbitrary File Upload — ai chatbot system | 9.8 | Critical | 2021-12-20 |
| CVE-2021-44159 | 4MOSAn GCB Doctor - Unrestricted Upload of File — GCB Doctor | 9.8 | Critical | 2021-12-20 |
| CVE-2021-43829 | Unrestricted Upload of Files in Patrowl — PatrowlManager | 7.4 | High | 2021-12-14 |
| CVE-2021-42133 | Ivanti Avalanche code issue vulnerability — Ivanti Avalanche | 8.1 | - | 2021-12-07 |
| CVE-2021-42123 | Missing Upload Filter in TopEase — TopEase | 7.3 | High | 2021-11-30 |
| CVE-2021-42362 | WordPress Popular Posts <= 5.3.2 Authenticated Arbitrary File Upload — WordPress Popular Posts | 8.8 | High | 2021-11-17 |
| CVE-2021-39222 | XSS in Talk — security-advisories | 6.4 | Medium | 2021-11-15 |
| CVE-2021-42839 | Grand Vice info Co. webopac7 - Arbitrary File Upload — webopac7 | 8.8 | High | 2021-11-15 |
| CVE-2021-3915 | Unrestricted Upload of File with Dangerous Type in bookstackapp/bookstack — bookstackapp/bookstack | 7.3 | - | 2021-11-13 |
| CVE-2018-25019 | LearnDash < 2.5.4 - Unauthenticated Arbitrary File Upload — LearnDash LMS | 7.5 | - | 2021-11-01 |
| CVE-2021-3745 | Unrestricted Upload of File with Dangerous Type in flatcore/flatcore-cms — flatcore/flatcore-cms | 6.6 | - | 2021-10-28 |
| CVE-2021-3906 | Unrestricted Upload of File with Dangerous Type in bookstackapp/bookstack — bookstackapp/bookstack | 7.3 | - | 2021-10-27 |
| CVE-2021-39221 | XSS in Contacts — security-advisories | 6.4 | Medium | 2021-10-25 |
| CVE-2021-38471 | AUVESY Versiondog — Versiondog | 9.1 | Critical | 2021-10-22 |
| CVE-2021-39352 | Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload — Catch Themes Demo Import | 7.2 | High | 2021-10-21 |
| CVE-2021-3846 | Unrestricted Upload of File with Dangerous Type in firefly-iii/firefly-iii — firefly-iii/firefly-iii | 8.8 | - | 2021-10-19 |
| CVE-2021-38484 | InHand Networks IR615 Router — IR615 Router | 9.1 | Critical | 2021-10-19 |
| CVE-2021-41566 | Tad TadTools - Arbitrary File Upload — TadTools | 9.8 | Critical | 2021-10-08 |
| CVE-2021-3832 | Integria IMS Remote Code Execution — Integria IMS | 9.8 | Critical | 2021-10-07 |
| CVE-2021-41290 | ECOA BAS controller - Path Traversal-1 — ECS Router Controller ECS (FLASH) | 9.8 | Critical | 2021-09-30 |
| CVE-2021-24663 | Simple School Staff Directory <= 1.1 - Admin+ Arbitrary File Upload — Simple Schools Staff Directory | 7.2 | - | 2021-09-20 |
| CVE-2021-33698 | SAP Business One code issue vulnerability — SAP Business One | 8.1 | - | 2021-09-15 |
| CVE-2021-24620 | Simple eCommerce <= 2.2.5 - Arbitrary File Upload — WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal | 9.8 | - | 2021-09-13 |
| CVE-2021-24493 | Shopp eCommerce <= 1.4 - Unauthenticated Arbitrary File Upload — Shopp | 9.8 | - | 2021-09-13 |
| CVE-2021-24490 | Email Artillery <= 4.1 - Arbitrary File Upload — Email Artillery (MASS EMAIL) | 8.0 | - | 2021-09-13 |
| CVE-2021-32955 | Delta Electronics DIAEnergie code issue vulnerability — Delta Electronics DIAEnergie | 9.8 | - | 2021-08-30 |
| CVE-2021-39149 | XStream is vulnerable to an Arbitrary Code Execution attack — xstream | 8.5 | High | 2021-08-23 |
| CVE-2021-39148 | XStream is vulnerable to an Arbitrary Code Execution attack — xstream | 8.5 | High | 2021-08-23 |

2018 CVEs are classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.