Lucene search
K

4 matches found

Circl
Circl
added 2025/04/08 4:46 p.m.8 views

CVE-2025-32028

creationtimestamp| type| source ---|---|--- 2025-04-08 16:46:45+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/10954 2025-04-08 17:40:20+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lmczgetxro2h 2025-04-08 17:48:13+00:00| seen|...

9.9CVSS4.8AI score0.01838EPSS
Exploits1References4
NVD
NVD
added 2025/04/08 4:15 p.m.19 views

CVE-2025-32028

HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from being uploaded to the server. This list is...

9.9CVSS0.01838EPSS
Exploits1References1
CVE
CVE
added 2025/04/08 4:6 p.m.68 views

CVE-2025-32028

CVE-2025-32028 affects HAX CMS PHP. The issue lies in the save() function in HAXCMSFile.php, which blocks only a non-exhaustive list of file types (.php, .sh, .js, .css); the logic is described as fail-open, enabling insecure file uploads. This can lead to remote code execution as described acros...

9.9CVSS7.1AI score0.01838EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/08 4:6 p.m.7 views

CVE-2025-32028 HAX CMS PHP allows Insecure File Upload to Lead to Remote Code Execution

HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from being uploaded to the server. This list is...

9.9CVSS7.1AI score0.01838EPSS
Exploits1References1
Rows per page
Query Builder