CVE-2025-45855
An active CVE exists for erupt v1.12.19: arbitrary file upload in the /upload/GoodsCategory/image component can lead to code execution. The root cause is an unsecured upload endpoint that accepts crafted files, enabling an attacker to execute arbitrary code on the host. MITRE/attack details are n...