CVE-2025-4258

Medium CVSS: 5.3

A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file \youkefu-master\src\main\java\com\ukefu\webim\web\handler\resource\MediaController.java. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Vendor

Zhangyanbo2007

Product

Youkefu

CWE

CWE-284

Yayın Tarihi

2025-05-05 02:15:18

Güncelleme

2025-10-10 17:33:00

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-284 Youkefu MEDIUM Zhangyanbo2007 2025

Referanslar

https://github.com/Fc04dB/VUL/blob/main/ukefu_upload.md https://vuldb.com/?ctiid.307362 https://vuldb.com/?id.307362 https://vuldb.com/?submit.562848

Benzer Kayıtlar

Medium

CVE-2025-4260

A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is…

Medium

CVE-2025-3381

A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown pa…

Medium

CVE-2025-3241

A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an u…

Medium

CVE-2025-2997

A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It has been classified as critical. Affected is an unknown fu…