CNNVD-202509-3184 Information

CNNVD ID

CNNVD-202509-3184

Related CVE

CVE-2025-10755

• CNNVD Published: 2025-09-20

Description (Chinese)

Selleo Mentingo是波兰Selleo公司的一款企业内部培训与员工发展平台。 Selleo Mentingo 2025.08.27版本存在代码问题漏洞，该漏洞源于Content-Type Handler组件对参数userAvatar的限制不足，可能导致远程任意文件上传。

Description (English)

Selleo Mentingo is an in-house training and staff development platform for the Polish company Seleo. Version 2025.08.27 of Seleo Mentingo has a code gap, which stems from the fact that the Content-Type Handler component does not have sufficient restrictions on the parameter user Avatar, which may lead to any remote upload of the file.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Sensaphone

Published

2025-09-20

Last Modified

2026-02-24

References

https://gist.github.com/KhanMarshaI/7a2e74fcb194f7d6ee7e60da4a14af7b https://vuldb.com/?ctiid.325069 https://vuldb.com/?id.325069 https://vuldb.com/?submit.645419 https://access.redhat.com/security/cve/cve-2025-10755