CNNVD-202512-5067 Information

CNNVD ID

CNNVD-202512-5067

Related CVE

CVE-2025-15360

• CNNVD Published: 2025-12-30

Description (Chinese)

newbee-mall-plus是newbee-ltd开源的一个电商系统。 newbee-mall-plus 2.0.0版本存在安全漏洞，该漏洞源于对文件src/main/java/ltd/newbee/mall/controller/common/UploadController.java中参数File的错误操作，可能导致不受限制的上传。

Description (English)

Newbee-mall-plus is a newbee-ltd power source. There is a security loophole in version 2.0.0 of newbee-mall-plus, which stems from an error in the File parameter in document src/main/java/ltd/newbee/mall/controller/common/UploadController.java, which could lead to unrestricted uploading.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Nginx Proxy Manager

Published

2025-12-30

Last Modified

2026-02-24

References

https://github.com/zyhzheng500-maker/cve/blob/main/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md https://vuldb.com/?ctiid.338744 https://vuldb.com/?id.338744 https://vuldb.com/?submit.716785