CNNVD-202601-003 Information

CNNVD ID

CNNVD-202601-003

Related CVE

CVE-2025-15415

• CNNVD Published: 2026-01-01

Description (Chinese)

wangmarket是中国xnx3个人开发者的一个私有化部署自己的 SAAS 云建站系统。 wangmarket 6.4及之前版本存在代码问题漏洞，该漏洞源于对文件/sits/uploadImage.do中参数image的错误操作，可能导致任意文件上传。

Description (English)

Wangmarket is a privatized xx3 individual developer in China that deploys its own SAAS cloud station system. Wangmarket 6.4 and previous versions had a code problem loophole, which stemmed from a mishandling of the parameter image in file/sits/uploadImage.do, which could lead to any upload of the document.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2026-01-01

Last Modified

2026-02-24

References

https://github.com/yuccun/CVE/blob/main/wangmarket-Upload2StoredXSS.md https://vuldb.com/?ctiid.339336 https://vuldb.com/?id.339336 https://vuldb.com/?submit.721078