
CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2034

2034 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

CWE-434 represents a critical input validation weakness where applications permit the upload of file types that are inherently dangerous or automatically processed by the system. Attackers typically exploit this vulnerability by uploading malicious scripts, such as web shells or executable binaries, disguised as legitimate documents or images. Once uploaded, these files are executed by the server, granting the attacker remote code execution capabilities and potentially full system compromise. To mitigate this risk, developers must implement strict allowlists that define only the specific, safe file extensions permitted for upload. Additionally, files should be stored outside the web root directory to prevent direct execution, and content verification techniques, such as checking file headers rather than relying solely on extensions, should be employed to ensure integrity and prevent evasion of basic validation checks.

MITRE CWE Description
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Common Consequences (1)
Integrity, Confidentiality, Availability · Execute Unauthorized Code or Commands
Arbitrary code execution is possible if an uploaded file is interpreted and executed as code by the recipient. This is especially true for web-server extensions such as .asp and .php because these file types are often treated as automatically executable, even when file system permissions do not spec…

Mitigations (5)
Architecture and Design · Generate a new, unique filename for an uploaded file instead of using the user-supplied filename, so that no external input is used at all. [REF-422] [REF-423]
Architecture and Design · When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
Architecture and Design · Consider storing the uploaded files outside of the web document root entirely. Then, use other mechanisms to deliver the files dynamically. [REF-423]
Implementation · Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Architecture and Design · Define a very limited set of allowable extensions and only generate filenames that end in these extensions. Consider the possibility of XSS (CWE-79) before allowing .html or .htm file types.
Examples (2)
The following code intends to allow a user to upload a picture to the web server. The HTML code that drives the form on the user end has an input field of type "file".

    <form action="upload_picture.php" method="post" enctype="multipart/form-data">
        Choose a file to upload:
        <input type="file" name="filename"/>
        <br/>
        <input type="submit" name="submit" value="Submit"/>
    </form>

Good · HTML

    // Define the target location where the picture being
    // uploaded is going to be saved.
    // The user-supplied name (and therefore its extension) is used as-is;
    // nothing checks the file type or content before it lands under the web root.
    $target = "pictures/" . basename($_FILES['uploadedfile']['name']);

    // Move the uploaded file to the new location.
    if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target)) {
        echo "The picture has been successfully uploaded.";
    } else {
        echo "There was an error uploading the picture, please try again.";
    }

Bad · PHP
The following code demonstrates the unrestricted upload of a file with a Java servlet and a path traversal vulnerability. The action attribute of an HTML form sends the upload request to the Java servlet.

    <form action="FileUploadServlet" method="post" enctype="multipart/form-data">
        Choose a file to upload:
        <input type="file" name="filename"/>
        <br/>
        <input type="submit" name="submit" value="Submit"/>
    </form>

Good · HTML

    public class FileUploadServlet extends HttpServlet {
        ...
        protected void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();
            String contentType = request.getContentType();
            // the starting position of the boundary header
            int ind = contentType.indexOf("boundary=");
            String boundary = contentType.substring(ind + 9);
            String pLine = new String();
            String uploadLocation = new String(UPLOAD_DIRECTORY_STRING); // Constant value
            // verify that content type is multipart form data i

Bad · Java
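The five mitigations above and the two "Bad" examples describe one hardened design when read together: an allowlist of types, verification of the content rather than the claimed extension, a server-generated filename so the user-supplied name (and any `../` in it) never reaches the filesystem, storage outside the web document root, and delivery through a mapping from fixed IDs to stored paths. The module below is an added example written for this page; it is not MITRE's code and not a port of the PHP or Java examples, and it is in Python so that it runs stand-alone. Every name in it (`UPLOAD_ROOT`, `SIGNATURES`, `store_upload`, `read_upload`, the size limit and the sample bytes) is an assumption of the example.

```python
"""Hardened upload handling for CWE-434 (added example, not MITRE's code)."""
import os
import secrets
import tempfile
from typing import Dict, Optional, Tuple

# Constructed storage location for this example. In a deployment this directory
# sits OUTSIDE the web document root, so nothing in it can be requested (or
# executed) by URL; files are reachable only through read_upload() below.
UPLOAD_ROOT = tempfile.mkdtemp(prefix="cwe434-example-")

# "Accept known good": the only extensions the service ever writes, each paired
# with the signature bytes a file of that type must begin with.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
CONTENT_TYPES = {"png": "image/png", "jpg": "image/jpeg", "gif": "image/gif"}
MAX_BYTES = 5 * 1024 * 1024  # assumed limit for this example

# Fixed numeric IDs mapped to stored paths: callers ask for an ID, never a name.
_registry: Dict[int, str] = {}


class UploadRejected(ValueError):
    """Raised for any upload that does not strictly conform to the allowlist."""


def claimed_extension(user_filename: str) -> str:
    """Extension the client claims, normalised. Only the basename is looked at,
    so directory components such as '../' carry no meaning here."""
    ext = os.path.splitext(os.path.basename(user_filename))[1].lower().lstrip(".")
    return "jpg" if ext == "jpeg" else ext


def detect_type(data: bytes) -> Optional[str]:
    """Type implied by the file signature, or None if it matches nothing allowed."""
    for ext, sigs in SIGNATURES.items():
        if any(data.startswith(sig) for sig in sigs):
            return ext
    return None


def store_upload(user_filename: str, data: bytes) -> int:
    """Validate an upload, store it under a server-generated name, return its ID."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("file exceeds size limit")
    claimed = claimed_extension(user_filename)
    if claimed not in SIGNATURES:
        raise UploadRejected(f"extension {claimed!r} is not on the allowlist")
    actual = detect_type(data)
    if actual != claimed:
        # Covers both "shell.php.png" with script content and a real JPEG
        # renamed to .png: the content, not the name, decides the type.
        raise UploadRejected("file content does not match the claimed type")
    # The user-supplied name is now discarded entirely; the stored name is
    # random and ends in an allowlisted extension only.
    stored = os.path.join(UPLOAD_ROOT, f"{secrets.token_hex(16)}.{actual}")
    # Defence in depth: the resolved path must still be inside UPLOAD_ROOT.
    root = os.path.realpath(UPLOAD_ROOT)
    if os.path.commonpath([root, os.path.realpath(stored)]) != root:
        raise UploadRejected("resolved path escaped the upload root")
    # O_EXCL refuses to overwrite an existing file; 0o600 keeps it non-executable.
    fd = os.open(stored, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    file_id = len(_registry) + 1
    _registry[file_id] = stored
    return file_id


def stored_path(file_id: int) -> str:
    """Path for a known ID; KeyError otherwise. No path is ever built from input."""
    return _registry[file_id]


def read_upload(file_id: int) -> Tuple[str, bytes]:
    """Deliver a stored file dynamically as (content type, bytes)."""
    path = stored_path(file_id)
    ext = path.rsplit(".", 1)[1]
    with open(path, "rb") as fh:
        return CONTENT_TYPES[ext], fh.read()
```

The signature check stops extension spoofing and double extensions such as `.php.png`, but it is not a proof that the file is a well-formed image: a file can carry a valid PNG header followed by script text. The design still holds in that case because the file never lives under the web root, is never named by the client, and is served by ID with a fixed image Content-Type; re-encoding the image server-side before storage is the next step if that residual risk matters.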
CVE ID · Title · CVSS · Severity · Published
CVE-2023-25970 · WordPress Zendrop – Global Dropshipping Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload — Zendrop – Global Dropshipping · 10.0 · Critical · 2023-12-20
CVE-2023-28170 · WordPress Theme Demo Import Plugin <= 1.1.1 is vulnerable to Arbitrary File Upload — Theme Demo Import · 9.1 · Critical · 2023-12-20
CVE-2023-29102 · WordPress Olive One Click Demo Import Plugin <= 1.1.1 is vulnerable to Arbitrary File Upload — Olive One Click Demo Import · 9.1 · Critical · 2023-12-20
CVE-2023-29384 · WordPress WordPress Job Board and Recruitment Plugin – JobWP Plugin <= 2.0 is vulnerable to Arbitrary File Upload — WordPress Job Board and Recruitment Plugin – JobWP · 10.0 · Critical · 2023-12-20
CVE-2023-31215 · WordPress Dropshipping & Affiliation with Amazon Plugin <= 2.1.2 is vulnerable to Arbitrary File Upload — Dropshipping & Affiliation with Amazon · 9.9 · Critical · 2023-12-20
CVE-2023-31231 · WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.65 is vulnerable to Arbitrary File Upload — Unlimited Elements For Elementor (Free Widgets, Addons, Templates) · 9.9 · Critical · 2023-12-20
CVE-2023-33318 · WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Arbitrary File Upload — AutomateWoo · 9.9 · Critical · 2023-12-20
CVE-2023-34007 · WordPress Download Monitor Plugin <= 4.8.3 is vulnerable to Arbitrary File Upload — Download Monitor · 9.9 · Critical · 2023-12-20
CVE-2023-34385 · WordPress Export Import Menus Plugin <= 1.8.0 is vulnerable to Arbitrary File Upload — Export Import Menus · 9.9 · Critical · 2023-12-20
CVE-2023-40204 · WordPress Folders Plugin <= 2.9.2 is vulnerable to Arbitrary File Upload — Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager · 9.1 · Critical · 2023-12-20
CVE-2023-45603 · WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload — User Submitted Posts – Enable Users to Submit Posts from the Front End · 9.0 · Critical · 2023-12-20
CVE-2023-46149 · WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Arbitrary File Upload — Themify Ultra · 9.9 · Critical · 2023-12-20
CVE-2023-47784 · WordPress Slider Revolution Plugin <= 6.6.15 is vulnerable to Arbitrary File Upload — Slider Revolution · 8.4 · High · 2023-12-20
CVE-2023-49814 · WordPress Symbiostock Lite Plugin <= 6.0.0 is vulnerable to Arbitrary File Upload — Symbiostock · 9.1 · Critical · 2023-12-20
CVE-2023-6976 · Unrestricted Upload of File with Dangerous Type — mlflow/mlflow · 9.1 · - · 2023-12-20
CVE-2023-47706 · IBM Security Guardium Key Lifecycle Manager file upload — Security Guardium Key Lifecycle Manager · 6.6 · Medium · 2023-12-20
CVE-2023-6902 · codelyfe Stupid Simple CMS upload.php unrestricted upload — Stupid Simple CMS · 5.5 · Medium · 2023-12-17
CVE-2023-6887 · saysky ForestBlog Image Upload img unrestricted upload — ForestBlog · 6.3 · Medium · 2023-12-17
CVE-2023-6850 · kalcaddle KodExplorer API Endpoint unrestricted upload — KodExplorer · 6.3 · Medium · 2023-12-16
CVE-2023-48394 · Kaifa Technology WebITR - Arbitrary File Upload — WebITR · 8.8 · High · 2023-12-15
CVE-2023-48376 · SmartStar Software CWS Web-Base - Arbitrary File Upload — CWS Web-Base · 9.8 · Critical · 2023-12-15
CVE-2023-6827 · Essential Real Estate <= 4.3.5 - Authenticated (Subscriber+) Arbitrary File Upload — Essential Real Estate · 7.5 · High · 2023-12-15
CVE-2023-6826 · E2Pdf <= 1.20.25 - Authenticated (Administrator+) Arbitrary File Upload — E2Pdf – Export Pdf Tool for WordPress · 7.2 · High · 2023-12-15
CVE-2023-48371 · ITPison OMICARD EDM 's SMS - Arbitrary File Upload — OMICARD EDM 's SMS · 9.8 · Critical · 2023-12-15
CVE-2023-6794 · PAN-OS: File Upload Vulnerability in the Web Interface — PAN-OS · 5.5 · Medium · 2023-12-13
CVE-2023-6723 · Unrestricted Upload of File with Dangerous Type in Repox — Repox · 10.0 · Critical · 2023-12-13
CVE-2023-4122 · Student Information System v1.0 - Insecure File Upload — Student Information System · 9.9 · Critical · 2023-12-07
CVE-2023-6576 · Byzoro S210 HTTP POST Request uploadfile.php unrestricted upload — S210 · 6.3 · Medium · 2023-12-07
CVE-2023-6574 · Byzoro Smart S20 HTTP POST Request updateos.php unrestricted upload — Smart S20 · 6.3 · Medium · 2023-12-07
CVE-2023-40460 · Improper input leads to DoS — ALEOS · 7.1 · High · 2023-12-04

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2034 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.