CVE-2025-2031

MEDIUM Year: 2025
CVSS v3 Score
7.6
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-284
View all →

Vulnerability Description

A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2016-5536

HIGH
CVSS:7.6(High)

Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidential...

CWE-2842016

CVE-2016-5562

HIGH
CVSS:7.6(High)

Unspecified vulnerability in the Oracle iProcurement component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confidentiality an...

CWE-2842016

CVE-2016-8281

HIGH
CVSS:7.6(High)

Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidential...

CWE-2842016

CVE-2016-8296

HIGH
CVSS:7.6(High)

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality and integrity via v...

CWE-2842016

CVE-2016-8529

HIGH
CVSS:7.6(High)

A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in L...

CWE-2842016

CVE-2021-38392

HIGH
CVSS:7.6(High)

A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program ...

CWE-2842021