
CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2015

2015 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-24222 | WP-Curriculo Vitae Free <= 6.3 - Unauthenticated Arbitrary File Upload to RCE — WP-Curriculo Vitae Free | 9.8 | - | 2021-04-12 |
| CVE-2021-24220 | All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion — Rise by Thrive Themes | 9.1 | - | 2021-04-12 |
| CVE-2021-20022 | Sonicwall SonicWall Email Security Appliance code issue vulnerability — Email Security | 7.2 | - | 2021-04-09 |
| CVE-2021-28173 | Vangene deltaFlow E-platform - Arbitrary File Upload — deltaFlow E-platform | 9.8 | Critical | 2021-04-06 |
| CVE-2021-24212 | WooCommerce Help Scout < 2.9.1 - Unauthenticated Arbitrary File Upload leading to RCE — WooCommerce Help Scout | 9.8 | - | 2021-04-05 |
| CVE-2021-24171 | WooCommerce Upload Files < 59.4 - Unauthenticated Arbitrary File Upload — WooCommerce Upload Files | 9.8 | - | 2021-04-05 |
| CVE-2021-24160 | Responsive Menu 4.0.0 - 4.0.3 - Authenticated Arbitrary File Upload — Responsive Menu – Create Mobile-Friendly Menu | 8.8 | - | 2021-04-05 |
| CVE-2021-24155 | Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload — WordPress Backup and Migrate Plugin – Backup Guard | 7.2 | - | 2021-04-05 |
| CVE-2021-27274 | NETGEAR ProSAFE Network Management System code issue vulnerability — ProSAFE Network Management System | 9.8 | - | 2021-03-29 |
| CVE-2021-21355 | Unrestricted File Upload in Form Framework — TYPO3.CMS | 8.6 | High | 2021-03-23 |
| CVE-2021-21350 | XStream is vulnerable to an Arbitrary Code Execution attack — xstream | 5.3 | Medium | 2021-03-22 |
| CVE-2021-21351 | XStream is vulnerable to an Arbitrary Code Execution attack — xstream | 5.4 | Medium | 2021-03-22 |
| CVE-2021-21344 | XStream is vulnerable to an Arbitrary Code Execution attack — xstream | 5.3 | Medium | 2021-03-22 |
| CVE-2021-21346 | XStream is vulnerable to an Arbitrary Code Execution attack — xstream | 6.1 | Medium | 2021-03-22 |
| CVE-2021-21347 | XStream is vulnerable to an Arbitrary Code Execution attack — xstream | 6.1 | Medium | 2021-03-22 |
| CVE-2021-24145 | Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE — Modern Events Calendar Lite | 7.2 | - | 2021-03-18 |
| CVE-2021-24123 | PowerPress < 8.3.8 - Authenticated Arbitrary File Upload leading to RCE — PowerPress | 7.2 | - | 2021-03-18 |
| CVE-2020-7847 | ipTIME NAS code issue vulnerability — ipTIME NAS | 7.4 | High | 2021-02-23 |
| CVE-2021-21014 | Magento Commerce Arbitrary Folder Empty Could Lead To Arbitrary Code Execution — Magento Commerce | 9.1 | - | 2021-02-11 |
| CVE-2021-22698 | Schneider Electric EcoStruxure Power Build - Rapsody code issue vulnerability — EcoStruxure Power Build - Rapsody software V2.1.13 and prior. | 7.8 | - | 2021-01-25 |
| CVE-2021-22697 | Schneider Electric EcoStruxure Power Build - Rapsody code issue vulnerability — EcoStruxure Power Build - Rapsody software V2.1.13 and prior. | 7.8 | - | 2021-01-25 |
| CVE-2021-21245 | Pre-Auth Arbitrary File Upload — onedev | 10.0 | Critical | 2021-01-15 |
| CVE-2020-26286 | Arbitrary file upload — hedgedoc | 7.5 | High | 2020-12-28 |
| CVE-2020-26255 | PHP Phar archives could be uploaded and executed in Kirby — kirby | 6.8 | Medium | 2020-12-08 |
| CVE-2020-7569 | Schneider Electric EcoStruxure Building Operation WebReports code issue vulnerability — EcoStruxure Building Operation WebReports V1.9 - V3.1 | 8.8 | - | 2020-11-19 |
| CVE-2020-24407 | Arbitrary code execution via file import functionality — Magento Commerce | 9.1 | Critical | 2020-11-09 |
| CVE-2020-15277 | Remote Code Execution in baserCMS — basercms | 7.2 | High | 2020-10-30 |
| CVE-2020-8260 | Pulse Secure Pulse Connect Secure code issue vulnerability — Pulse Connect Secure / Pulse Policy Secure | 7.2 | - | 2020-10-28 |
| CVE-2020-3436 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services File Upload Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) Software | 8.6 | - | 2020-10-21 |
| CVE-2019-1888 | Cisco Unified Contact Center Express Privilege Escalation Vulnerability — Cisco Unified Contact Center Express | 7.2 | - | 2020-09-23 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2015 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.