CVE-2025-2607

🗓️ 21 Mar 2025 21:00:10Reported by VulDBType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 47 Views🌐 WEB

Critical vulnerability in LzCMS-LaoZhangBoKeXiTong allows unrestricted file uploads remotely.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-2607	21 Mar 202521:21	–	circl
CNNVD	LzCMS 代码问题漏洞	21 Mar 202500:00	–	cnnvd
Cvelist	CVE-2025-2607 phplaozhang LzCMS-LaoZhangBoKeXiTong HTTP POST Request upimage.html unrestricted upload	21 Mar 202521:00	–	cvelist
EUVD	EUVD-2025-7211	3 Oct 202520:07	–	euvd
NVD	CVE-2025-2607	21 Mar 202521:15	–	nvd
Positive Technologies	PT-2025-12451 · Unknown · Lzcms-Laozhangbokexitong	21 Mar 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-2607	23 Mar 202521:17	–	redhatcve
Vulnrichment	CVE-2025-2607 phplaozhang LzCMS-LaoZhangBoKeXiTong HTTP POST Request upimage.html unrestricted upload	21 Mar 202521:00	–	vulnrichment

NVD

Vulners

Node

phplaozhang lzcms-laozhangbokexitongRange≤1.1.4

[
  {
    "vendor": "phplaozhang",
    "product": "LzCMS-LaoZhangBoKeXiTong",
    "versions": [
      {
        "version": "1.1.0",
        "status": "affected"
      },
      {
        "version": "1.1.1",
        "status": "affected"
      },
      {
        "version": "1.1.2",
        "status": "affected"
      },
      {
        "version": "1.1.3",
        "status": "affected"
      },
      {
        "version": "1.1.4",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP POST Request Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/Jingyi-u/lzcms/tree/main

Parameter	Position	Path	Description	CWE
File	request body	/admin/upload/upimage.html	Unrestricted file upload via HTTP POST on /admin/upload/upimage.html leading to potential remote code execution.	CWE-284, CWE-434

01 Apr 2025 20:15Current

7.2High risk

Vulners AI Score7.2

CVSS 45.3

CVSS 3.16.3

CVSS 26.5

CVSS 36.3

EPSS0.00063

SSVC