Lucene search
K

29 matches found

NVD
NVD
added 2025/09/29 3:15 a.m.6 views

CVE-2025-11136

A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit h...

7.2CVSS0.00366EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/09/29 2:2 a.m.9 views

CVE-2025-11136 YiFang CMS Backend File.php webUploader unrestricted upload

A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit h...

5.8CVSS0.00366EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/09/29 2:2 a.m.6 views

CVE-2025-11136 YiFang CMS Backend File.php webUploader unrestricted upload

A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit h...

5.8CVSS6.5AI score0.00366EPSS
Exploits1References4
CVE
CVE
added 2025/09/29 2:2 a.m.20 views

CVE-2025-11136

YiFang CMS up to version 2.0.2 contains a flaw in the Backend component where the webUploader function (file: app/app/controller/File.php) mishandles the uploadpath parameter, enabling unrestricted file uploads. The vulnerability can be exploited remotely, and the exploit has been published. Affe...

7.2CVSS5AI score0.00366EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/29 12:0 a.m.7 views

PT-2025-39804

Name of the Vulnerable Software and Affected Versions YiFang CMS versions up to 2.0.2 Description A flaw exists in YiFang CMS that allows for unrestricted file uploads. This is due to manipulation of the uploadpath argument within the webUploader function located in the app/app/controller/File.ph...

7.2CVSS4.5AI score0.00366EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/09/29 12:0 a.m.5 views

Yifang CMS 代码问题漏洞

Yifang CMS is a PHP enterprise website development and construction management system of China Yifang Company. A code issue vulnerability exists in Yifang CMS 2.0.2 and earlier versions, which stems from the incorrect operation of the parameter uploadpath of the function webUploader of the...

7.2CVSS5.3AI score0.00366EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-3804

A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408. This issue affects some unknown processing of the file /Public/webuploader/0.1.5/server/fileupload2.php. The manipulation of the argument file leads to unrestricted upload. The attack may...

6.5CVSS5.4AI score0.00471EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.4 views

Vesystem Cloud Desktop 代码问题漏洞

Vesystem Cloud Desktop is a cloud desktop system from China's Hexin Chuangtian Vesystem. A code issue vulnerability exists in Vesystem Cloud Desktop 20240408 and prior versions, which stems from the parameter file in the file /Public/webuploader/0.1.5/server/fileupload.php that can lead to...

6.5CVSS6.6AI score0.00471EPSS
Exploits0References5
CNVD
CNVD
added 2018/11/19 12:0 a.m.3 views

Baidu WebUploader component suffers from file upload vulnerability

WebUploader is a simple HTML5-based, FLASH-supported modern file upload component developed by the Baidu WebFE FEX team. A file upload vulnerability exists in the Baidu WebUploader component. The vulnerability is due to the WebUploader component upload page to the file type or file extension...

7.2AI score
Exploits0
Rows per page
Query Builder