CVE-2025-3807

zhenfeng13 My-BBS Endpoint UploadController.java upload unrestricted upload

CVSS 5.3 MEDIUMEPSS 0.4%CWE-284 CWE-434

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.3EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

19 abr 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability, which was classified as critical, was found in zhenfeng13 My-BBS 1.0. This affects the function Upload of the file src/main/java/com/my/bbs/controller/common/UploadController.java of the component Endpoint. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Produtos afetados

zhenfeng13 · My-BBS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/caigo8/CVE-md/blob/main/My-bbs/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md https://vuldb.com/?ctiid.305661 https://vuldb.com/?id.305661 https://vuldb.com/?submit.555258