Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-434 (危险类型文件的不加限制上传) — Vulnerability Class 2015

2015 vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-0577 code-projects Online Product Reservation System prod.php unrestricted upload — Online Product Reservation System 6.3 Medium2026-01-04
CVE-2026-0566 code-projects Content Management System edit_posts.php unrestricted upload — Content Management System 4.7 Medium2026-01-02
CVE-2026-0547 PHPGurukul Online Course Registration Student Registration edit-student-profile.php unrestricted upload — Online Course Registration 6.3 Medium2026-01-02
CVE-2025-15426 jackying H-ui.admin preview.php unrestricted upload — H-ui.admin 7.3 High2026-01-02
CVE-2025-15423 EmpireSoft EmpireCMS connect.php CheckSaveTranFiletype unrestricted upload — EmpireCMS 6.3 Medium2026-01-02
CVE-2025-15415 xnx3 wangmarket XML File uploadImage.do uploadImage unrestricted upload — wangmarket 4.7 Medium2026-01-01
CVE-2025-15404 campcodes School File Management System save_file.php unrestricted upload — School File Management System 6.3 Medium2026-01-01
CVE-2025-67707 Unvalidated File Upload vulnerability in ArcGIS Server. — ArcGIS Server 5.6 Medium2025-12-31
CVE-2025-67706 Unvalidated File Upload vulnerability in ArcGIS Server. — ArcGIS Server 5.6 Medium2025-12-31
CVE-2025-15360 newbee-mall-plus Product Information Edit UploadController.java upload unrestricted upload — newbee-mall-plus 4.7 Medium2025-12-30
CVE-2025-15262 BiggiDroid Simple PHP CMS Site Logo edit.php unrestricted upload — Simple PHP CMS 4.7 Medium2025-12-30
CVE-2025-68562 WordPress MapSVG plugin <= 8.7.3 - Arbitrary File Upload vulnerability — MapSVG 9.9 Critical2025-12-29
CVE-2025-15199 code-projects College Notes Uploading System userprofile.php unrestricted upload — College Notes Uploading System 6.3 Medium2025-12-29
CVE-2025-55061 Priority - CWE-434 Unrestricted Upload of File with Dangerous Type — Web 8.8 High2025-12-29
CVE-2025-15197 code-projects/anirbandutta9 Content Management System/News-Buzz editposts.php unrestricted upload — Content Management System 4.7 Medium2025-12-29
CVE-2025-15228 WELLTEND TECHNOLOGY| BPMFlowWebkit - Arbitrary File Upload — BPMFlowWebkit 9.8 Critical2025-12-29
CVE-2025-15226 Sunnet|WMPro - Arbitrary File Upload — WMPro 9.8 Critical2025-12-29
CVE-2025-15067 Unrestricted File Upload and RCE in Innorix WP — Innorix WP 7.7 High2025-12-29
CVE-2025-15152 h-moses moga-mall PmsProductController.java addProduct unrestricted upload — moga-mall 6.3 Medium2025-12-28
CVE-2025-15110 jackq XCMS Backend ProductImageController.class.php upload unrestricted upload — XCMS 4.7 Medium2025-12-27
CVE-2025-15109 jackq XCMS upload.php unrestricted upload — XCMS 7.3 High2025-12-27
CVE-2025-2155 Arbitrary File Upload in EchoCCS's Specto CM — Specto CM 8.8 High2025-12-24
CVE-2025-15050 code-projects Student File Management System save_file.php unrestricted upload — Student File Management System 6.3 Medium2025-12-24
CVE-2023-53980 ProjectSend r1605 Remote Code Execution via File Extension Manipulation — projectSend 9.8 Critical2025-12-22
CVE-2023-53971 WebTareas 2.4 Authenticated Remote Code Execution via File Upload — WebTareas 8.8 High2025-12-22
CVE-2025-15009 liweiyi ChestnutCMS Filename upload FilenameUtils.getExtension unrestricted upload — ChestnutCMS 6.3 Medium2025-12-22
CVE-2025-14800 Redirection for Contact Form 7 <= 3.2.7 - Unauthenticated Arbitrary File Copy via move_file_to_upload — Redirection for Contact Form 7 8.1 High2025-12-21
CVE-2025-13329 File Uploader for WooCommerce <= 1.0.3 - Unauthenticated Arbitrary File Upload via add-image-data — File Uploader for WooCommerce 9.8 Critical2025-12-20
CVE-2023-53950 InnovaStudio WYSIWYG Editor 5.4 Unrestricted File Upload via Filename Manipulation — WYSIWYG Editor 9.8 Critical2025-12-19
CVE-2023-53956 Flatnux 2021-03.25 Authenticated File Upload Remote Code Execution — flatnux 8.8 High2025-12-19

Vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传) represent 2015 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.