CVE-2025-3566 Information

Description

A vulnerability which was classified as critical has been found in veal98 ??? Echo ?????? 4.2. This issue affects the function uploadMdPic of the file /discuss/uploadMdPic. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Reference

https://github.com/caigo8/CVE-md/blob/main/Echo/%E6%9C%AA%E6%8E%88%E6%9D%83%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md https://vuldb.com/?ctiid.304607 https://vuldb.com/?id.304607 https://vuldb.com/?submit.549509

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

7.3