CVE-2025-15415

🗓️ 01 Jan 2026 22:02:06Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 11 Views🌐 WEB

This vulnerability in wangmarket up to version 6.4 enables unrestricted image upload via uploadImage.do.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-15415	1 Jan 202622:28	–	circl
CNNVD	wangmarket 代码问题漏洞	1 Jan 202600:00	–	cnnvd
Cvelist	CVE-2025-15415 xnx3 wangmarket XML File uploadImage.do uploadImage unrestricted upload	1 Jan 202622:02	–	cvelist
EUVD	EUVD-2026-0724	2 Jan 202600:30	–	euvd
NVD	CVE-2025-15415	1 Jan 202622:15	–	nvd
Positive Technologies	PT-2026-1031	1 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-15415	2 Jan 202622:31	–	redhatcve
Vulnrichment	CVE-2025-15415 xnx3 wangmarket XML File uploadImage.do uploadImage unrestricted upload	1 Jan 202622:02	–	vulnrichment

NVD

Vulners

Node

wang.market wangmarketRange≤6.4

[
  {
    "vendor": "xnx3",
    "product": "wangmarket",
    "versions": [
      {
        "version": "6.0",
        "status": "affected"
      },
      {
        "version": "6.1",
        "status": "affected"
      },
      {
        "version": "6.2",
        "status": "affected"
      },
      {
        "version": "6.3",
        "status": "affected"
      },
      {
        "version": "6.4",
        "status": "affected"
      }
    ],
    "modules": [
      "XML File Handler"
    ]
  }
]

Source	Link
github	www.github.com/yuccun/CVE/blob/main/wangmarket-Upload2StoredXSS.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
image	request body	/sits/uploadImage.do	Unrestricted file upload via uploadImage endpoint allowing arbitrary file upload.	CWE-284, CWE-434

17 Jun 2026 08:37Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.14.7 - 5.4

CVSS 45.1

CVSS 25.8

CVSS 34.7

EPSS0.00206

SSVC