← back
CVE-2025-3798

WCMS Advertisement Image AdvadminController.php sub unrestricted upload

CVSS 5.1 MEDIUMEPSS 0.4%CWE-284CWE-434
A vulnerability, which was classified as critical, has been found in WCMS 11. This issue affects the function sub of the file app/admin/AdvadminController.php of the component Advertisement Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected products
n/a · WCMS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/IceFoxH/VULN/issues/16https://vuldb.com/?ctiid.305651https://vuldb.com/?id.305651https://vuldb.com/?submit.554696