CNNVD-202511-2587 Information

Nov 24, 2025 cve

CNNVD ID

CNNVD-202511-2587

CVE-2025-13574

CNNVD Published: 2025-11-24

Description (Chinese)

Code-Projects Online Bidding System是Code-Projects开源的一个在线竞价系统。 Code-Projects Online Bidding System 1.0版本存在代码问题漏洞，该漏洞源于文件/administrator/addcategory.php中函数categoryadd对参数catimage的错误操作，可能导致无限制上传。

Description (English)

Code-Projects Online Bidding Systems is an online competitive system open to Code-Projects. There is a code problem loophole in version 1.0 of Code-Projects Online Biding System, which stems from the error in the document/administrator/addcategory.php function Categoryadd against parameter catimage, which may lead to unlimited uploading.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Code-Projects

Published

2025-11-24

Last Modified

2026-02-24

References

https://vuldb.com/?submit.698717 https://vuldb.com/?submit.698718 https://vuldb.com/?id.333338 https://code-projects.org/ https://github.com/Yohane-Mashiro/cve/blob/main/upload%201.md https://vuldb.com/?ctiid.333338 https://access.redhat.com/security/cve/cve-2025-13574

Share on: