
CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2016

2016 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-39145 | XStream is vulnerable to an Arbitrary Code Execution attack — xstream | 8.5 | High | 2021-08-23 |
| CVE-2021-39141 | XStream is vulnerable to an Arbitrary Code Execution attack — xstream | 8.5 | High | 2021-08-23 |
| CVE-2021-39153 | XStream is vulnerable to an Arbitrary Code Execution attack — xstream | 8.5 | High | 2021-08-23 |
| CVE-2021-39151 | XStream is vulnerable to an Arbitrary Code Execution attack — xstream | 8.5 | High | 2021-08-23 |
| CVE-2021-39154 | XStream is vulnerable to an Arbitrary Code Execution attack — xstream | 8.5 | High | 2021-08-23 |
| CVE-2021-37608 | Arbitrary file upload vulnerability in OFBiz — Apache OFBiz | 9.8 | - | 2021-08-18 |
| CVE-2021-22937 | Pulse Secure Pulse Connect Secure code issue vulnerability — Pulse Connect Secure | 6.5 | - | 2021-08-16 |
| CVE-2021-24499 | Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution — Workreap | 9.8 | - | 2021-08-09 |
| CVE-2021-35963 | Learningdigital.com, Inc. Orca HCM - Unrestricted Upload of File with Dangerous Type — Orca HCM | 9.8 | Critical | 2021-07-19 |
| CVE-2021-32538 | ARTWARE CMS - Unrestricted Upload of File — CMS | 9.8 | Critical | 2021-07-07 |
| CVE-2021-34624 | ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component — ProfilePress | 9.8 | Critical | 2021-07-07 |
| CVE-2021-34623 | ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in Image Uploader Component — ProfilePress | 9.8 | Critical | 2021-07-07 |
| CVE-2010-1433 | Joomla code issue vulnerability — Joomla | 9.8 | - | 2021-06-21 |
| CVE-2021-24376 | Autoptimize < 2.7.8 - Arbitrary File Upload via "Import Settings" — Autoptimize | 9.8 | - | 2021-06-21 |
| CVE-2021-24370 | Fancy Product Designer < 4.6.9 - Unauthenticated Arbitrary File Upload and RCE — Fancy Product Designer | 9.8 | - | 2021-06-21 |
| CVE-2021-27489 | ZOLL Defibrillator Dashboard code issue vulnerability — ZOLL Defibrillator Dashboard | 8.8 | - | 2021-06-16 |
| CVE-2020-7864 | Raonwiz DEXT5 Editor File upload and Execution vulnerability — DEXT5Editor | 7.8 | High | 2021-06-15 |
| CVE-2021-24311 | External Media < 1.0.34 - Authenticated Arbitrary File Upload — External Media | 8.1 | - | 2021-06-01 |
| CVE-2021-29092 | Synology Photo Station code issue vulnerability — Synology Photo Station | 8.8 | High | 2021-06-01 |
| CVE-2021-32630 | Various — admidio | 9.6 | Critical | 2021-05-20 |
| CVE-2021-27459 | Emerson Rosemount X-STREAM Gas Analyzer code issue vulnerability — Emerson Rosemount X-STREAM Gas Analyzer | 9.8 | - | 2021-05-20 |
| CVE-2021-24284 | Kaswara Modern VC Addons <= 3.0.1 - Unauthenticated Arbitrary File Upload — Kaswara Modern VC Addons | 9.8 | - | 2021-05-14 |
| CVE-2021-24254 | College Publisher Import <= 0.1 - Arbitrary File Upload to RCE — College publisher Import | 7.2 | - | 2021-05-05 |
| CVE-2021-24248 | Business Directory Plugin < 5.11.1 - Authenticated PHP4 Upload to RCE — Business Directory Plugin – Easy Listing Directories for WordPress | 7.2 | - | 2021-05-05 |
| CVE-2021-24252 | Event Banner <= 1.3 - Arbitrary File Upload to RCE — Event Banner | 9.8 | - | 2021-05-05 |
| CVE-2021-24253 | Classyfrieds <= 3.8 - Authenticated Arbitrary File Upload to RCE — Classyfrieds | 8.8 | - | 2021-05-05 |
| CVE-2021-24236 | Imagements <= 1.2.5 - Unauthenticated Arbitrary File Upload to RCE — Imagements | 9.8 | - | 2021-05-05 |
| CVE-2021-24240 | Business Hours Pro <= 5.5.0 - Unauthenticated Arbitrary File Upload to RCE — Business Hours Pro | 9.8 | - | 2021-04-22 |
| CVE-2021-23280 | Arbitrary File upload — Intelligent Power manager (IPM) | 8.0 | High | 2021-04-13 |
| CVE-2021-24224 | Easy Form Builder <= 1.0 - Authenticated Arbitrary File Upload — Easy Form Builder | 8.8 | - | 2021-04-12 |

2016 CVEs are classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.