2015 vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传). AI Chinese analysis included.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-15189 | Remote Code Execution in SOY CMS — soycms | 6.8 | Medium | 2020-09-18 |
| CVE-2020-6288 | SAP Business Objects Business Intelligence Platform 代码问题漏洞 — SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) | 6.5 | - | 2020-09-09 |
| CVE-2020-15645 | Marvell QConvergeConsole 代码问题漏洞 — QConvergeConsole | 8.8 | - | 2020-08-25 |
| CVE-2020-7302 | DLP ePO extension - Unrestricted Upload of File with Dangerous Type — DLP ePO extension | 5.4 | Medium | 2020-08-13 |
| CVE-2020-14488 | OpenClinic GA — OpenClinic GA | 8.8 | High | 2020-07-29 |
| CVE-2020-12005 | 多款Rockwell Automation产品代码问题漏洞 — FactoryTalk Linx, RSLinx Classic, Connected Components Workbench, ControlFLASH Plus, FactoryTalk Asset Centre, FactoryTalk Linx CommDTM, Studio 5000 Launcher, Studio 5000 Logix Designer software | 9.1 | - | 2020-06-15 |
| CVE-2020-11011 | RCE via file upload in Phproject — Phproject | 9.9 | Critical | 2020-04-22 |
| CVE-2020-10621 | Advantech WebAccess/NMS 代码问题漏洞 — WebAccess/NMS | 9.8 | - | 2020-04-09 |
| CVE-2020-6008 | WordPress LifterLMS插件代码问题漏洞 — LifterLMS Wordpress Plugin | 9.8 | - | 2020-03-31 |
| CVE-2020-8866 | Horde Groupware Webmail 代码问题漏洞 — Groupware Webmail Edition | 8.1 | - | 2020-03-23 |
| CVE-2020-6975 | Digi International ConnectPort LTS 32 MEI 代码问题漏洞 — Digi International ConnectPort LTS 32 MEI | 8.1 | - | 2020-02-12 |
| CVE-2020-6965 | 多款GE产品代码问题漏洞 — GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors | 9.9 | - | 2020-01-24 |
| CVE-2019-18313 | Siemens SPPA-T3000 代码问题漏洞 — SPPA-T3000 MS3000 Migration Server | 9.8 | - | 2019-12-12 |
| CVE-2019-18288 | Siemens SPPA-T3000 代码问题漏洞 — SPPA-T3000 Application Server | 8.8 | - | 2019-12-12 |
| CVE-2019-17325 | ClipSoft REXPERT 代码问题漏洞 — REXPERT | 6.5 | - | 2019-10-30 |
| CVE-2019-6839 | 多款Schneider Electric产品代码问题漏洞 — U.motion Servers (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, and MEG6260-0415 - U.motion KNX Server Plus, Touch 1) | 8.8 | - | 2019-09-17 |
| CVE-2019-1010209 | GoUrl.io GoURL Wordpress Plugin 代码问题漏洞 — GoURL Wordpress Plugin | 9.1 | - | 2019-07-23 |
| CVE-2019-1010123 | MODX Revolution Gallery 代码问题漏洞 — Gallery | 7.5 | - | 2019-07-23 |
| CVE-2019-1010062 | Pluck 代码问题漏洞 — PluckCMS | 9.8 | - | 2019-07-16 |
| CVE-2019-10935 | Siemens SIMATIC PCS 7和SIMATIC WinCC 代码问题漏洞 — SIMATIC PCS 7 V8.0 and earlier | 8.8 | - | 2019-07-11 |
| CVE-2019-12803 | Hunesion i-oneNet unrestricted file upload vulnerability — i-oneNet | 9.8 | - | 2019-07-10 |
| CVE-2019-10959 | 多款BD产品代码问题漏洞 — BD Alaris Gateway Workstation | 10.0 | - | 2019-06-13 |
| CVE-2019-3940 | Advantech WebAccess 代码问题漏洞 — WebAccess | 9.8 | - | 2019-04-09 |
| CVE-2018-17936 | NUUO CMS 安全漏洞 — NUUO CMS | 9.8 | - | 2018-11-27 |
| CVE-2017-3189 | The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload — Administration Panel | 8.1 | - | 2018-07-24 |
| CVE-2016-9492 | PHP forms generated using the PHP FormMail Generator are vulnerable to unrestricted upload of dangerous file types — Generator | 9.8 | - | 2018-07-13 |
| CVE-2017-16772 | Synology Photo Station 输入验证漏洞 — Photo Station | 8.8 | - | 2018-03-22 |
| CVE-2017-7429 | Fix for NetIQ shell code upload — eDirectory | 8.8 | - | 2018-03-02 |
| CVE-2017-16594 | NetGain Enterprise Manager 安全漏洞 — NetGain Systems Enterprise Manager | 6.5 | - | 2018-01-23 |
| CVE-2017-16736 | Advantech WebAccess 安全漏洞 — Advantech WebAccess | 9.8 | - | 2018-01-12 |
Vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传) represent 2015 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.