CVE-2025-13574

code-projects Online Bidding System addcategory.php categoryadd unrestricted upload

CVSS 5.1 MEDIUMEPSS 0.3%CWE-284 CWE-434

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

24 nov 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A weakness has been identified in code-projects Online Bidding System 1.0. This issue affects the function categoryadd of the file /administrator/addcategory.php. This manipulation of the argument catimage causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

code-projects · Online Bidding System

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://code-projects.org/https://github.com/Yohane-Mashiro/cve/blob/main/upload%201.md https://vuldb.com/?ctiid.333338 https://vuldb.com/?id.333338 https://vuldb.com/?submit.698717 https://vuldb.com/?submit.698718