CNNVD-202508-778 Information

CNNVD ID

CNNVD-202508-778

Related CVE

CVE-2012-10045

• CNNVD Published: 2025-08-08

Description (Chinese)

Sourceforge XODA是Sourceforge开源的一个文件管理软件。 Sourceforge XODA 0.4.5版本存在安全漏洞，该漏洞源于上传功能未验证文件类型，可能导致任意文件上传和远程代码执行。

Description (English)

Sonceforge XODA is a file management software from the Sourceforge open source. There is a security loophole in version 0.4.5 of Sourceforge XODA, which stems from the unverified file type of upload function, which may lead to any document upload and remote code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Sourceforge

Published

2025-08-08

Last Modified

2026-02-24

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/xoda_file_upload.rb https://sourceforge.net/projects/xoda/ https://www.exploit-db.com/exploits/20703 https://www.exploit-db.com/exploits/20713 https://www.vulncheck.com/advisories/xoda-arbitrary-php-file-upload https://xoda.org/ https://access.redhat.com/security/cve/cve-2012-10045