CVE-2025-6001 Information

Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager.

Reference

https://blog.blacklanternsecurity.com/p/doomla-zero-days

Related CNNVD

CNNVD-202506-1619 (Published: 2025-06-11)