4 matches found
CVE-2025-32028
creationtimestamp| type| source ---|---|--- 2025-04-08 16:46:45+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/10954 2025-04-08 17:40:20+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lmczgetxro2h 2025-04-08 17:48:13+00:00| seen|...
CVE-2025-32028
HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from being uploaded to the server. This list is...
CVE-2025-32028
CVE-2025-32028 affects HAX CMS PHP. The issue lies in the save() function in HAXCMSFile.php, which blocks only a non-exhaustive list of file types (.php, .sh, .js, .css); the logic is described as fail-open, enabling insecure file uploads. This can lead to remote code execution as described acros...
CVE-2025-32028 HAX CMS PHP allows Insecure File Upload to Lead to Remote Code Execution
HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from being uploaded to the server. This list is...