29 matches found
CVE-2025-11136
A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit h...
CVE-2025-11136 YiFang CMS Backend File.php webUploader unrestricted upload
A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit h...
CVE-2025-11136 YiFang CMS Backend File.php webUploader unrestricted upload
A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit h...
CVE-2025-11136
YiFang CMS up to version 2.0.2 contains a flaw in the Backend component where the webUploader function (file: app/app/controller/File.php) mishandles the uploadpath parameter, enabling unrestricted file uploads. The vulnerability can be exploited remotely, and the exploit has been published. Affe...
PT-2025-39804
Name of the Vulnerable Software and Affected Versions YiFang CMS versions up to 2.0.2 Description A flaw exists in YiFang CMS that allows for unrestricted file uploads. This is due to manipulation of the uploadpath argument within the webUploader function located in the app/app/controller/File.ph...
Yifang CMS 代码问题漏洞
Yifang CMS is a PHP enterprise website development and construction management system of China Yifang Company. A code issue vulnerability exists in Yifang CMS 2.0.2 and earlier versions, which stems from the incorrect operation of the parameter uploadpath of the function webUploader of the...
VulnCheck KEV: CVE-2024-3804
A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408. This issue affects some unknown processing of the file /Public/webuploader/0.1.5/server/fileupload2.php. The manipulation of the argument file leads to unrestricted upload. The attack may...
Vesystem Cloud Desktop 代码问题漏洞
Vesystem Cloud Desktop is a cloud desktop system from China's Hexin Chuangtian Vesystem. A code issue vulnerability exists in Vesystem Cloud Desktop 20240408 and prior versions, which stems from the parameter file in the file /Public/webuploader/0.1.5/server/fileupload.php that can lead to...
Baidu WebUploader component suffers from file upload vulnerability
WebUploader is a simple HTML5-based, FLASH-supported modern file upload component developed by the Baidu WebFE FEX team. A file upload vulnerability exists in the Baidu WebUploader component. The vulnerability is due to the WebUploader component upload page to the file type or file extension...