CVE-2025-4259

Medium CVSS: 5.3

A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

Vendor

Newbee-mall Project

Product

Newbee-mall

CWE

CWE-284

Yayın Tarihi

2025-05-05 03:15:23

Güncelleme

2025-10-10 19:09:34

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-284 Newbee-mall MEDIUM Newbee-mall Project 2025

Referanslar

https://github.com/yaklang/IRifyScanResult/blob/main/newbee-mall/arbitrary-file-upload-in-uploadController.md https://vuldb.com/?ctiid.307363 https://vuldb.com/?id.307363 https://vuldb.com/?submit.562865

Benzer Kayıtlar

Critical

CVE-2026-26218

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisi…

Critical

CVE-2026-26219

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not inco…

Medium

CVE-2025-10423

A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The…

Medium

CVE-2025-10422

A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the fun…

Medium

CVE-2025-1114

A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /…