CVE-2025-2607 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated as critical. Affected by this issue is some unknown functionali…
Medium CVSS: 5.3

CVE-2025-2607

A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/upload/upimage.html of the component HTTP POST Request Handler. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Vendor
Phplaozhang
Product
Lzcms-laozhangbokexitong
CWE
CWE-284
Yayın Tarihi
2025-03-21 21:15:37
Güncelleme
2025-04-01 20:15:25
Source Identifier
cna@vuldb.com
KEV Date Added
-

Kategoriler

CWE-284 Lzcms-laozhangbokexitong MEDIUM Phplaozhang 2025

Referanslar

https://github.com/Jingyi-u/lzcms/tree/main https://vuldb.com/?ctiid.300590 https://vuldb.com/?id.300590 https://vuldb.com/?submit.518021 https://github.com/Jingyi-u/lzcms/tree/main