
CWE-434 Unrestricted Upload of File with Dangerous Type: vulnerability list (2034 entries)

A summary of the 2034 CVE vulnerabilities classified under the CWE-434 weakness (Unrestricted Upload of File with Dangerous Type), with AI-generated analysis in Chinese.

CWE-434 is an insecure file upload weakness: the system allows files of a dangerous type to be uploaded and then processes them automatically. Attackers typically exploit this flaw by uploading malicious scripts or executables and relying on the server's automatic processing to take control of the system or plant a backdoor. Developers should not rely on file-extension validation alone; combine content inspection, an allowlist of permitted types, and isolated storage, and strictly limit which file types may be uploaded, so that this attack path is closed off.

MITRE CWE official description
CWE-434: Unrestricted Upload of File with Dangerous Type. Description: the product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Common consequences (1)
Scope: Integrity, Confidentiality, Availability. Impact: Execute Unauthorized Code or Commands.
Arbitrary code execution is possible if an uploaded file is interpreted and executed as code by the recipient. This is especially true for web-server extensions such as .asp and .php because these file types are often treated as automatically executable, even when file system permissions do not spec…
Mitigations (5)
Phase: Architecture and Design. Generate a new, unique filename for an uploaded file instead of using the user-supplied filename, so that no external input is used at all. [REF-422] [REF-423]
Phase: Architecture and Design. When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
Phase: Architecture and Design. Consider storing the uploaded files outside of the web document root entirely. Then, use other mechanisms to deliver the files dynamically. [REF-423]
Phase: Implementation. Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Phase: Architecture and Design. Define a very limited set of allowable extensions and only generate filenames that end in these extensions. Consider the possibility of XSS (CWE-79) before allowing .html or .htm file types.
Code examples (2)
The following code intends to allow a user to upload a picture to the web server. The HTML code that drives the form on the user end has an input field of type "file".
<form action="upload_picture.php" method="post" enctype="multipart/form-data">
    Choose a file to upload:
    <input type="file" name="filename"/>
    <br/>
    <input type="submit" name="submit" value="Submit"/>
</form>
Good · HTML
// Define the target location where the picture being
// uploaded is going to be saved.
// (The user-supplied name is reused verbatim, so a file such as
// a .php script lands inside the served "pictures/" directory.)
$target = "pictures/" . basename($_FILES['uploadedfile']['name']);

// Move the uploaded file to the new location.
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target)) {
    echo "The picture has been successfully uploaded.";
}
else {
    echo "There was an error uploading the picture, please try again.";
}
Bad · PHP
The following code demonstrates the unrestricted upload of a file with a Java servlet and a path traversal vulnerability. The action attribute of an HTML form is sending the upload file request to the Java servlet.
<form action="FileUploadServlet" method="post" enctype="multipart/form-data">
    Choose a file to upload:
    <input type="file" name="filename"/>
    <br/>
    <input type="submit" name="submit" value="Submit"/>
</form>
Good · HTML
public class FileUploadServlet extends HttpServlet {
    ...
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        String contentType = request.getContentType();

        // the starting position of the boundary header
        int ind = contentType.indexOf("boundary=");
        String boundary = contentType.substring(ind+9);
        String pLine = new String();
        String uploadLocation = new String(UPLOAD_DIRECTORY_STRING); //Constant value

        // verify that content type is multipart form data i
Bad · Java
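The following upload handler is an added example written for this page; it is not code from MITRE's CWE entry or from the site. It shows the hardened counterpart to the PHP example above and applies the mitigations listed earlier: the user-supplied name is used only for a cross-check and never reaches the file system, the accepted types are an allowlist whose extension must agree with the content's file signature, the file is written under a server-generated unique name, and a fixed-format handle (rather than a user-controlled path) maps back to the stored file for dynamic delivery. The signature table, the `uploads-` temporary directory standing in for a location outside the web document root, the size limit, and the sample byte strings are all assumptions constructed for the example.

```python
import os
import secrets
import tempfile
from typing import Dict, Optional

# Allowlisted upload types (assumed for this example): the extension we will
# emit, mapped to the leading bytes (file signatures) the content must carry.
ALLOWED_SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# Extensions a client may claim, mapped onto the allowlisted type they denote.
EXTENSION_ALIASES = {"png": "png", "jpg": "jpg", "jpeg": "jpg", "gif": "gif"}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed limit


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the message is safe to log."""


def sniff_type(data: bytes) -> Optional[str]:
    """Return the allowlisted type whose file signature the content carries, else None."""
    for ext, signatures in ALLOWED_SIGNATURES.items():
        if any(data.startswith(sig) for sig in signatures):
            return ext
    return None


def claimed_type(user_filename: str) -> Optional[str]:
    """Map the final extension of the client-supplied name onto an allowlisted type.

    The name is used for this cross-check only; it never becomes part of a path.
    A name with no extension, or a trailing extension such as ".php", maps to None.
    """
    base = os.path.basename(user_filename.replace("\\", "/"))
    if "." not in base:
        return None
    return EXTENSION_ALIASES.get(base.rsplit(".", 1)[1].lower())


def store_upload(user_filename: str, data: bytes, storage_dir: str) -> str:
    """Validate an upload and write it under a server-generated name.

    storage_dir is assumed to lie outside the web document root, so nothing
    written here is served or executed directly by the web server.
    Returns the generated file name, which is the handle the application records.
    """
    if len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("upload exceeds size limit")
    sniffed = sniff_type(data)
    if sniffed is None:
        raise UploadRejected("content does not match any allowed file type")
    if claimed_type(user_filename) != sniffed:
        raise UploadRejected("declared extension does not match content")
    # New unique name: no part of the client-supplied name survives.
    stored_name = f"{secrets.token_hex(16)}.{sniffed}"
    path = os.path.join(storage_dir, stored_name)
    # O_EXCL means an existing file is never overwritten; 0o600 keeps it private to the service.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return stored_name


def resolve_stored_file(stored_name: str, storage_dir: str) -> str:
    """Map a recorded handle back to a path for dynamic delivery.

    Only handles of the exact form store_upload() generates (32 hex characters
    plus an allowlisted extension) are accepted, so a handle taken from a request
    cannot be turned into a traversal or a reference to some other file.
    """
    stem, _, ext = stored_name.partition(".")
    if len(stem) != 32 or any(c not in "0123456789abcdef" for c in stem) or ext not in ALLOWED_SIGNATURES:
        raise UploadRejected("invalid file handle")
    return os.path.join(storage_dir, stored_name)


def run_demo() -> Dict[str, str]:
    """Exercise the handler on constructed samples and return the outcome per input."""
    storage_dir = tempfile.mkdtemp(prefix="uploads-")  # stand-in for an out-of-root directory
    png_bytes = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16     # constructed: PNG signature, dummy body
    text_bytes = b"<?php /* constructed, not an image */ ?>"  # constructed non-image content
    results: Dict[str, str] = {}
    results["photo.PNG"] = store_upload("photo.PNG", png_bytes, storage_dir)
    for name, data in (("page.php", text_bytes), ("image.php", png_bytes),
                       ("image.png.php", png_bytes), ("noext", png_bytes)):
        try:
            store_upload(name, data, storage_dir)
            results[name] = "accepted"
        except UploadRejected as exc:
            results[name] = f"rejected: {exc}"
    results["stored_path"] = resolve_stored_file(results["photo.PNG"], storage_dir)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Note that the extension check alone would have accepted `image.png.php` in a handler that splits on the first dot; here the last extension is the one compared, and it must both be allowlisted and agree with the sniffed content, so a renamed script fails on one check or the other.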
| CVE ID | Title | Product | CVSS | Risk level | Published |
|---|---|---|---|---|---|
| CVE-2023-3049 | TMT Lockcell code issue vulnerability | Lockcell | 9.8 | Critical | 2023-06-13 |
| CVE-2023-3187 | Teachers Record Management System code issue vulnerability | Teachers Record Management System | 6.3 | Medium | 2023-06-09 |
| CVE-2023-27881 | PTC Vuforia Studio code issue vulnerability | Vuforia Studio | 8.0 | High | 2023-06-07 |
| CVE-2020-36705 | WordPress Plugin Adning Advertising code issue vulnerability | Adning Advertising | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4382 | WordPress Plugin Recently code issue vulnerability | Recently | 8.8 | High | 2023-06-07 |
| CVE-2022-4949 | WordPress Plugin AdSanity code issue vulnerability | AdSanity | 8.8 | High | 2023-06-07 |
| CVE-2016-15033 | WordPress Plugin Delete All Comments code issue vulnerability | Delete All Comments | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4354 | WordPress Plugin PWA for WP & AMP code issue vulnerability | PWA for WP – Progressive Web Apps Made Simple | 8.8 | High | 2023-06-07 |
| CVE-2019-25138 | WordPress Plugin User Submitted Posts code issue vulnerability | User Submitted Posts – Enable Users to Submit Posts from the Front End | 9.8 | Critical | 2023-06-07 |
| CVE-2020-36701 | WordPress Plugin Page Builder: KingComposer code issue vulnerability | Page Builder: KingComposer – Free Drag and Drop page builder by King-Theme | 8.8 | High | 2023-06-07 |
| CVE-2023-22450 | Advantech WebAccess/SCADA code issue vulnerability | WebAccess/SCADA | 7.2 | High | 2023-06-05 |
| CVE-2023-32628 | Advantech WebAccess/SCADA code issue vulnerability | WebAccess/SCADA | 7.2 | High | 2023-06-05 |
| CVE-2023-3061 | Agro-School Management System code issue vulnerability | Agro-School Management System | 6.3 | Medium | 2023-06-02 |
| CVE-2023-3032 | Mobatime code issue vulnerability | Mobatime web application | 8.1 | High | 2023-06-02 |
| CVE-2023-2063 | Mitsubishi Electric MELSEC code issue vulnerability | MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 | 6.3 | Medium | 2023-06-02 |
| CVE-2023-28700 | ITPison OMICARD EDM code issue vulnerability | OMICARD EDM | 6.8 | Medium | 2023-06-02 |
| CVE-2023-28699 | Wade Graphic Design FANTSY code issue vulnerability | FANTSY | 8.8 | High | 2023-06-02 |
| CVE-2014-125104 | WordPress plugin VaultPress code issue vulnerability | VaultPress Plugin | 6.3 | Medium | 2023-06-01 |
| CVE-2023-32689 | Parse Server code issue vulnerability | parse-server | 6.3 | Medium | 2023-05-30 |
| CVE-2023-2924 | Supcon SimField code issue vulnerability | SimField | 4.7 | Medium | 2023-05-27 |
| CVE-2023-2888 | PHPOK code issue vulnerability | PHPOK | 4.7 | Medium | 2023-05-25 |
| CVE-2023-2712 | Ideasoft E-commerce Platform code issue vulnerability | Rental Module | 9.8 | Critical | 2023-05-20 |
| CVE-2023-2776 | Simple Photo Gallery code issue vulnerability | Simple Photo Gallery | 6.3 | Medium | 2023-05-17 |
| CVE-2023-2738 | TONGDA Office Anywhere code issue vulnerability | OA | 6.3 | Medium | 2023-05-16 |
| CVE-2023-2648 | Weaver E-Office code issue vulnerability | E-Office | 6.3 | Medium | 2023-05-11 |
| CVE-2023-28128 | Ivanti Avalanche code issue vulnerability | Avalanche | 8.1 | - | 2023-05-09 |
| CVE-2023-2523 | Weaver E-Office code issue vulnerability | E-Office | 7.3 | High | 2023-05-04 |
| CVE-2022-45802 | Apache StreamPark code issue vulnerability | Apache StreamPark (incubating) | 8.1 | - | 2023-05-01 |
| CVE-2023-2424 | Desdev DedeCMS code issue vulnerability | DedeCMS | 6.3 | Medium | 2023-04-29 |
| CVE-2023-2419 | Zhongbang CRMEB code issue vulnerability | CRMEB | 4.7 | Medium | 2023-04-29 |

CWE-434 (Unrestricted Upload of File with Dangerous Type) is a common weakness category; this platform has catalogued 2034 CVE vulnerabilities associated with it.