CNNVD-202510-3539 Information

CNNVD ID

CNNVD-202510-3539

Related CVE

CVE-2025-12291

• CNNVD Published: 2025-10-27

Description (Chinese)

Full-Ecommece-Website是中国Ashley Muzuro个人开发者的一个电子商务系统 (MES) 项目。 Full-Ecommece-Website 1.1.0及之前版本存在代码问题漏洞，该漏洞源于文件/admin/index.php?add_product中上传功能未受限制，可能导致远程攻击。

Description (English)

Full-Ecommece-Website is an e-commerce system (MES) project of Ashley Muzuro, a personal developer in China. Full-Ecommece-Website 1.1.0 and previous versions had a code problem loophole, which stemmed from the unrestricted upload function in the file/admin/index.php?add product, which could lead to a remote attack.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2025-10-27

Last Modified

2026-02-24

References

https://github.com/Lianhaorui/Report/blob/main/FileUpload-1.docx https://vuldb.com/?id.329959 https://vuldb.com/?ctiid.329959 https://vuldb.com/?submit.675846 https://access.redhat.com/security/cve/cve-2025-12291