13 matches found
📄 eGovFramework 4.3.1 Arbitrary File Upload
eGovFramework version 4.3.1 proof of concept exploit that demonstrates an arbitrary file upload vulnerability. ============================================================================================================================================= | Title : eGovFramework 4.3.1 Unauthenticate...
CVE-2025-34336
eGovFramework/egovframe-common-components versions up to and including 4.3.1 contain an unauthenticated file upload vulnerability via the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do image upload endpoints. These controllers accept multipart requests without authentication, pass the...
CVE-2025-34337
eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL parameters, but exposes an encryption oracle that allows attackers to generate valid ciphertext for...
CVE-2025-34336
eGovFramework/egovframe-common-components versions up to and including 4.3.1 contain an unauthenticated file upload vulnerability via the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do image upload endpoints. These controllers accept multipart requests without authentication, pass the...
CVE-2025-34337
eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL parameters, but exposes an encryption oracle that allows attackers to generate valid ciphertext for...
CVE-2025-34337
eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL parameters, but exposes an encryption oracle that allows attackers to generate valid ciphertext for...
CVE-2025-34336
eGovFramework/egovframe-common-components versions up to and including 4.3.1 contain an unauthenticated file upload vulnerability via the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do image upload endpoints. These controllers accept multipart requests without authentication, pass the...
CVE-2025-34336 eGovFramework <= 4.3.1 Unauthenticated File Upload via Web Editor Image Upload Endpoints
eGovFramework/egovframe-common-components versions up to and including 4.3.1 contain an unauthenticated file upload vulnerability via the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do image upload endpoints. These controllers accept multipart requests without authentication, pass the...
CVE-2025-34336
Affected software: eGovFramework/egovframe-common-components
CVE-2025-34336 eGovFramework <= 4.3.1 Unauthenticated File Upload via Web Editor Image Upload Endpoints
eGovFramework/egovframe-common-components versions up to and including 4.3.1 contain an unauthenticated file upload vulnerability via the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do image upload endpoints. These controllers accept multipart requests without authentication, pass the...
CVE-2025-34337 eGovFramework <= 4.3.1 Unauthenticated Encryption Oracle via Web Editor Image Upload Endpoints
eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL parameters, but exposes an encryption oracle that allows attackers to generate valid ciphertext for...
PT-2025-47485
Name of the Vulnerable Software and Affected Versions eGovFramework/egovframe-common-components versions up to and including 4.3.1 Description The software contains an unauthenticated file upload issue through the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do API endpoints. These endpoint...
PT-2025-47486
Name of the Vulnerable Software and Affected Versions eGovFramework/egovframe-common-components versions up to and including 4.3.1 Description The Web Editor image upload functionality within the software uses symmetric encryption for URL parameters but reveals an encryption oracle. This allows...