CNNVD-202510-3759 Information

CNNVD ID

CNNVD-202510-3759

Related CVE

CVE-2025-12201

• CNNVD Published: 2025-10-27

Description (Chinese)

User-Management-PHP-MYSQL是Ajay Randhawa个人开发者的一个安全的用户管理系统。 User-Management-PHP-MYSQL存在代码问题漏洞，该漏洞源于对文件/admin/edit-user.php中参数image的错误操作，可能导致任意文件上传。

Description (English)

User-Management-PHP-MYSQL is a secure user management system for Ajay Randhwa personal developers. There is a code-issue loophole in User-Management-PHP-MYSQL, which stems from a mishandling of the parameter image in the document/admin/edit-user.php, which could lead to any upload of the document.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2025-10-27

Last Modified

2026-02-24

References

https://github.com/Lianhaorui/Report/blob/main/FileUpload.docx https://vuldb.com/?ctiid.329871 https://vuldb.com/?id.329871 https://vuldb.com/?submit.673156