CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2015

2015 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-25647 | PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager — PhreeBooks ERP | 8.8 | High | 2026-03-24 |
| CVE-2019-25630 | PhreeBooks ERP 5.2.3 Arbitrary File Upload via Image Manager — PhreeBooks ERP | 8.8 | High | 2026-03-24 |
| CVE-2019-25627 | FlexHEX 2.71 Local Buffer Overflow via SEH Unicode — FlexHEX | 8.4 | High | 2026-03-24 |
| CVE-2019-25626 | River Past Cam Do 3.7.6 Local Buffer Overflow in Activation Code — River Past Cam Do | 8.4 | High | 2026-03-24 |
| CVE-2026-3533 | JupiterX Core <= 4.14.1 - Authenticated (Subscriber+) Missing Authorization To Limited File Upload via Popup Template Import — Jupiter X Core | 8.8 | High | 2026-03-23 |
| CVE-2026-32278 | Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin — connect-cms | 8.2 | High | 2026-03-23 |
| CVE-2025-60947 | Census CSWeb arbitrary file upload — CSWeb | 8.8 | High | 2026-03-23 |
| CVE-2026-33717 | AVideo Vulnerable to Remote Code Execution via Persistent PHP Temp File in Encoder downloadURL with Resolution Validation Abort — AVideo | 8.8 | High | 2026-03-23 |
| CVE-2026-33647 | AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload — AVideo | 8.8 | High | 2026-03-23 |
| CVE-2026-4586 | CodePhiliaX Chat2DB JDBC Driver Upload JdbcDriverController.java upload unrestricted upload — Chat2DB | 6.3 | Medium | 2026-03-23 |
| CVE-2019-25616 | AnMing MP3 CD Burner 2.0 Local Denial of Service — AnMing MP3 CD Burner | 6.2 | Medium | 2026-03-22 |
| CVE-2026-4536 | Acrel Environmental Monitoring Cloud Platform unrestricted upload — Environmental Monitoring Cloud Platform | 7.3 | High | 2026-03-22 |
| CVE-2019-25582 | i-doit CMDB 1.12 Arbitrary File Download via file_manager Parameter — doit CMDB | 6.5 | Medium | 2026-03-21 |
| CVE-2019-25580 | ownDMS 4.7 SQL Injection via pdfstream.php imagestream.php — ownDMS | 8.2 | High | 2026-03-21 |
| CVE-2026-4505 | eosphoros-ai DB-GPT FastAPI Endpoint controller.py module_plugin.refresh_plugins unrestricted upload — DB-GPT | 6.3 | Medium | 2026-03-20 |
| CVE-2026-33071 | FileRise: WebDAV upload path bypasses filename validation enforced by regular uploads — FileRise | 4.3 | Medium | 2026-03-20 |
| CVE-2026-32756 | Admidio: Unrestricted File Upload via CSRF Token Validation Bypass in Documents & Files Module — admidio | 8.8 | High | 2026-03-19 |
| CVE-2026-29104 | SuiteCRM Vulnerable to Authenticated Arbitrary File Upload via Configurator addfontresult View in SuiteCRM — SuiteCRM | 2.7 | Low | 2026-03-19 |
| CVE-2026-27043 | WordPress Photography theme < 7.7.6 - Arbitrary File Upload vulnerability — Photography | 7.2 | High | 2026-03-19 |
| CVE-2026-27067 | WordPress Mobile App Editor plugin <= 1.3.1 - Arbitrary File Upload vulnerability — Mobile App Editor | 9.1 | Critical | 2026-03-19 |
| CVE-2026-27540 | WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Arbitrary File Upload vulnerability — Woocommerce Wholesale Lead Capture | 8.1 | - | 2026-03-19 |
| CVE-2026-28674 | xiaoheiFS Vulnerable to RCE via Arbitrary Payment Plugin Upload (Automatic Execution) — xiaoheiFS | 7.2 | High | 2026-03-18 |
| CVE-2026-4221 | Tiandy Easy7 Integrated Management Platform Endpoint uploadLedImage unrestricted upload — Easy7 Integrated Management Platform | 7.3 | High | 2026-03-16 |
| CVE-2026-4220 | Technologies Integrated Management Platform SetWebpagePic.jsp unrestricted upload — Integrated Management Platform | 7.3 | High | 2026-03-16 |
| CVE-2017-20224 | Telesquare SKT LTE Router SDT-CS3B1 WebDAV Arbitrary File Upload — SDT-CS3B1 | 9.8 | Critical | 2026-03-16 |
| CVE-2026-4201 | glowxq glowxq-oj SysFileController.java upload unrestricted upload — glowxq-oj | 7.3 | High | 2026-03-16 |
| CVE-2026-4191 | JawherKl node-api-postgres Profile Picture index.js path.extname unrestricted upload — node-api-postgres | 7.3 | High | 2026-03-15 |
| CVE-2026-3891 | Pix for WooCommerce <= 1.5.0 - Unauthenticated Arbitrary File Upload — Pix for WooCommerce | 9.8 | Critical | 2026-03-13 |
| CVE-2025-13067 | Royal Addons for Elementor <= 1.7.1049 - Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass — Royal Addons for Elementor – Addons and Templates Kit for Elementor | 8.8 | High | 2026-03-11 |
| CVE-2026-3800 | SourceCodester/janobe Resort Reservation System controller.php doInsert unrestricted upload — Resort Reservation System | 6.3 | Medium | 2026-03-09 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2015 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.