CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2013

2013 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-5670 | Cyber-III Student-Management-System upload.php move_uploaded_file unrestricted upload — Student-Management-System | 6.3 | Medium | 2026-04-06 |
| CVE-2026-5704 | Tar: tar: hidden file injection via crafted archives — Red Hat Enterprise Linux 10 | 5.0 | Medium | 2026-04-06 |
| CVE-2019-25673 | UniSharp Laravel File Manager v2.0.0-alpha7 Arbitrary File Upload — Laravel File Manager | 8.8 | High | 2026-04-05 |
| CVE-2026-5576 | SourceCodester/jkev Record Management System Add Employee save_emp.php unrestricted upload — Record Management System | 4.7 | Medium | 2026-04-05 |
| CVE-2026-5573 | Technostrobe HI-LED-WR120-G2 fs unrestricted upload — HI-LED-WR120-G2 | 7.3 | High | 2026-04-05 |
| CVE-2026-5546 | Campcodes Complete Online Learning Management System Crud_model.php add_lesson unrestricted upload — Complete Online Learning Management System | 6.3 | Medium | 2026-04-05 |
| CVE-2016-20052 | Snews CMS 1.7 Unrestricted File Upload via snews_files — Snews CMS upload sheller | 9.8 | Critical | 2026-04-04 |
| CVE-2025-14938 | Listeo-Core - Directory Plugin by Purethemes <= 2.0.27 - Unauthenticated Arbitrary Media Upload — Listeo-Core - Directory Plugin by Purethemes | 5.3 | Medium | 2026-04-04 |
| CVE-2026-5472 | ProjectsAndPrograms School Management System Profile Picture settings.php unrestricted upload — School Management System | 6.3 | Medium | 2026-04-03 |
| CVE-2026-34735 | Hytale Modding Vulnerable to Remote Code Execution via File Upload Bypass in `FileController` — wiki | 8.1 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-2701 | RCE vulnerability in Progress ShareFile Storage Zones Controller (SZC) — ShareFile Storage Zones Controller | 9.1 | Critical | 2026-04-02 |
| CVE-2026-1879 | Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload — IQSS Dataverse | 6.3 | Medium | 2026-04-01 |
| CVE-2026-5261 | Shandong Hoteam InforCenter PLM BaseHandler.ashx uploadFileToIIS unrestricted upload — InforCenter PLM | 7.3 | High | 2026-04-01 |
| CVE-2026-5181 | SourceCodester Simple Doctors Appointment System ajax.php unrestricted upload — Simple Doctors Appointment System | 6.3 | Medium | 2026-03-31 |
| CVE-2025-32957 | baserCMS: unsafe File Upload Leading to Remote Code Execution (RCE) — basercms | 8.7 | High | 2026-03-31 |
| CVE-2026-5001 | PromtEngineer localGPT server.py do_POST unrestricted upload — localGPT | 7.3 | High | 2026-03-28 |
| CVE-2026-25099 | Remote Code Execution via Unrestricted File Upload in Bludit — Bludit | 8.8 | - | 2026-03-27 |
| CVE-2026-33687 | Sharp has Unrestricted File Upload via Client-Controlled Validation Rules — sharp | 8.8 | High | 2026-03-26 |
| CVE-2025-55267 | HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability — Aftermarket DPC | 5.7 | Medium | 2026-03-26 |
| CVE-2026-4875 | itsourcecode Free Hotel Reservation System index.php unrestricted upload — Free Hotel Reservation System | 4.7 | Medium | 2026-03-26 |
| CVE-2026-4809 | Unsafe Client MIME Type Handling Can Enable Arbitrary File Upload in plank/laravel-mediable — laravel-mediable | 9.8 | Critical | 2026-03-26 |
| CVE-2026-4830 | kalcaddle kodbox Public Share userShare.class.php add privilege escalation — kodbox | 5.6 | Medium | 2026-03-26 |
| CVE-2026-23636 | Kiteworks Secure Data Forms is vulnerable to an Unrestricted Upload of File with Dangerous Type — Secure Data Forms | 5.5 | Medium | 2026-03-25 |
| CVE-2026-32536 | WordPress Green Downloads plugin <= 2.08 - Arbitrary File Upload vulnerability — Green Downloads | 9.8 | - | 2026-03-25 |
| CVE-2026-32523 | WordPress WPJAM Basic plugin <= 6.9.2 - Arbitrary File Upload vulnerability — WPJAM Basic | 8.8 | - | 2026-03-25 |
| CVE-2026-32524 | WordPress Photo Engine plugin <= 6.4.9 - Arbitrary File Upload vulnerability — Photo Engine | 9.8 | - | 2026-03-25 |
| CVE-2026-32482 | WordPress Ona theme < 1.24 - Arbitrary File Upload vulnerability — Ona | 9.8 | - | 2026-03-25 |
| CVE-2026-25413 | WordPress WPBookit Pro plugin <= 1.6.18 - Arbitrary File Upload vulnerability — WPBookit Pro | 9.9 | Critical | 2026-03-25 |
| CVE-2019-25647 | PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager — PhreeBooks ERP | 8.8 | High | 2026-03-24 |
| CVE-2019-25630 | PhreeBooks ERP 5.2.3 Arbitrary File Upload via Image Manager — PhreeBooks ERP | 8.8 | High | 2026-03-24 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) account for 2013 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.