← back
CVE-2025-4259

newbee-mall UploadController.java upload unrestricted upload

CVSS 5.3 MEDIUMEPSS 0.4%CWE-284CWE-434
A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected products
n/a · newbee-mall

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/yaklang/IRifyScanResult/blob/main/newbee-mall/arbitrary-file-upload-in-uploadController.mdhttps://vuldb.com/?ctiid.307363https://vuldb.com/?id.307363https://vuldb.com/?submit.562865