An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of erupt v1.12.19 allows attackers to execute arbitrary code via uploading a crafted file.
References
Link | Resource |
---|---|
https://gist.github.com/Cafe-Tea/b72d442be434e1dafe7810c938892b06 | Third Party Advisory |
https://github.com/erupts/erupt | Product |
https://www.erupt.xyz/#%21/ | Product |
Configurations
History
23 Jun 2025, 14:25
Type | Values Removed | Values Added |
---|---|---|
References | () https://gist.github.com/Cafe-Tea/b72d442be434e1dafe7810c938892b06 - Third Party Advisory | |
References | () https://github.com/erupts/erupt - Product | |
References | () https://www.erupt.xyz/#%21/ - Product | |
CPE | cpe:2.3:a:erupt:erupt:*:*:*:*:*:*:*:* | |
First Time |
Erupt
Erupt erupt |
04 Jun 2025, 14:54
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
03 Jun 2025, 19:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-434 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
03 Jun 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-06-03 14:15
Updated : 2025-06-23 14:25
NVD link : CVE-2025-45855
Mitre link : CVE-2025-45855
CVE.ORG link : CVE-2025-45855
JSON object : View
Products Affected
erupt
- erupt
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type