
CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2019

2019 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14800 | Redirection for Contact Form 7 <= 3.2.7 - Unauthenticated Arbitrary File Copy via move_file_to_upload — Redirection for Contact Form 7 | 8.1 | High | 2025-12-21 |
| CVE-2025-13329 | File Uploader for WooCommerce <= 1.0.3 - Unauthenticated Arbitrary File Upload via add-image-data — File Uploader for WooCommerce | 9.8 | Critical | 2025-12-20 |
| CVE-2023-53950 | InnovaStudio WYSIWYG Editor 5.4 Unrestricted File Upload via Filename Manipulation — WYSIWYG Editor | 9.8 | Critical | 2025-12-19 |
| CVE-2023-53956 | Flatnux 2021-03.25 Authenticated File Upload Remote Code Execution — flatnux | 8.8 | High | 2025-12-19 |
| CVE-2023-53952 | Dotclear 2.25.3 Authenticated Remote Code Execution via File Upload — Dotclear | 8.8 | High | 2025-12-19 |
| CVE-2025-14849 | Advantech WebAccess/SCADA Unrestricted Upload of File with Dangerous Type — WebAccess/SCADA | 8.8 | High | 2025-12-18 |
| CVE-2023-53942 | File Thingie 2.5.7 Authenticated Arbitrary File Upload Remote Code Execution — File Thingie | 8.8 | High | 2025-12-18 |
| CVE-2019-25229 | Kentico Xperience <= 12.0.29 MVC Forms Unrestricted File Upload — Xperience | 8.8 | High | 2025-12-18 |
| CVE-2025-14885 | SourceCodester Client Database Management System Leads Generation user_leads.php unrestricted upload — Client Database Management System | 6.3 | Medium | 2025-12-18 |
| CVE-2025-66074 | WordPress WP Webhooks plugin <= 3.3.8 - Arbitrary File Upload vulnerability — WP Webhooks | 9.0 | Critical | 2025-12-18 |
| CVE-2025-64374 | WordPress Motors theme <= 5.6.81 - Arbitrary File Upload vulnerability — Motors | 9.9 | Critical | 2025-12-18 |
| CVE-2025-64231 | WordPress WordPress Contact Form 7 PDF, Google Sheet & Database plugin <= 3.0.0 - Arbitrary File Upload vulnerability — WordPress Contact Form 7 PDF, Google Sheet & Database | 9.9 | Critical | 2025-12-18 |
| CVE-2023-53933 | Serendipity 2.4.0 Authenticated Remote Code Execution via File Upload — Serendipity | 8.8 | High | 2025-12-17 |
| CVE-2023-53924 | UliCMS 2023.1-sniffing-vicuna Remote Code Execution via Avatar Upload — Ulicms | 8.8 | High | 2025-12-17 |
| CVE-2023-53922 | TinyWebGallery v2.5 Remote Code Execution via Unrestricted File Upload — TinyWebGallery | 9.8 | Critical | 2025-12-17 |
| CVE-2023-53921 | SitemagicCMS 4.4.3 Remote Code Execution via Unrestricted File Upload — SitemagicCMS | 9.8 | Critical | 2025-12-17 |
| CVE-2023-53892 | Blackcat CMS 1.4 Remote Code Execution via Jquery Plugin Manager — Blackcat CMS | 7.2 (AI) | High (AI) | 2025-12-15 |
| CVE-2023-53889 | Perch CMS 3.2 Remote Code Execution via Unrestricted File Upload — Perch | 7.2 (AI) | High (AI) | 2025-12-15 |
| CVE-2023-53885 | Webutler v3.2 Remote Code Execution via Arbitrary File Upload — Webutler | 7.2 (AI) | High (AI) | 2025-12-15 |
| CVE-2023-53876 | Academy LMS 6.1 Arbitrary File Upload Vulnerability via Profile Settings — Academy LMS | 5.4 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2023-53871 | Soosyze 2.0.0 Unrestricted File Upload via Broken Upload Logic — Soosyze | 9.8 (AI) | Critical (AI) | 2025-12-15 |
| CVE-2023-53869 | WEBIGniter 28.7.23 Unrestricted File Upload Remote Code Execution — WebIGniter | 8.8 (AI) | High (AI) | 2025-12-15 |
| CVE-2023-53868 | Coppermine Gallery 1.6.25 Remote Code Execution via Plugin Upload — coppermine-gallery | 8.8 (AI) | High (AI) | 2025-12-15 |
| CVE-2025-14642 | code-projects Computer Laboratory System technical_staff_pic.php unrestricted upload — Computer Laboratory System | 4.7 | Medium | 2025-12-14 |
| CVE-2025-14641 | code-projects Computer Laboratory System admin_pic.php unrestricted upload — Computer Laboratory System | 4.7 | Medium | 2025-12-14 |
| CVE-2025-13094 | WP3D Model Import Viewer <= 1.0.7 - Authenticated (Contributor+) Arbitrary File Upload — WP3D Model Import Viewer | 8.8 | High | 2025-12-13 |
| CVE-2025-14583 | campcodes Online Student Enrollment System register.php unrestricted upload — Online Student Enrollment System | 7.3 | High | 2025-12-12 |
| CVE-2025-14582 | campcodes Online Student Enrollment System index.php unrestricted upload — Online Student Enrollment System | 4.7 | Medium | 2025-12-12 |
| CVE-2025-12968 | Infility Global <= 2.14.42 - Authenticated (Subscriber+) Arbitrary File Upload — Infility Global | 8.8 | High | 2025-12-12 |
| CVE-2025-34506 | WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload — WBCE CMS | 7.2 (AI) | High (AI) | 2025-12-11 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2019 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.