CVE-2025-7939

Medium CVSS: 5.3

A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0. It has been classified as critical. Affected is the function addGoods of the file GoodsController.java. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely.

Vendor

Jerryshensjf

Product

Jpacookieshop

CWE

CWE-284

Yayın Tarihi

2025-07-21 21:15:27

Güncelleme

2025-11-06 16:01:03

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-284 Jpacookieshop MEDIUM Jerryshensjf 2025

Referanslar

https://github.com/Bemcliu/cve-reports/blob/main/cve-03-%E8%9B%8B%E7%B3%95%E5%95%86%E5%9F%8EJPA%E7%89%88-Arbitrary%20File%20Upload/readme.md https://vuldb.com/?ctiid.317076 https://vuldb.com/?id.317076 https://vuldb.com/?submit.618986

Benzer Kayıtlar

Medium

CVE-2025-8222

A vulnerability, which was classified as problematic, has been found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c…

Medium

CVE-2025-8223

A vulnerability, which was classified as problematic, was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f…

Medium

CVE-2025-8221

A vulnerability classified as problematic was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f61…

Medium

CVE-2025-7938

A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 and classified as critical. This issue affects the…