CVE-2025-30169

MEDIUM Year: 2025
CVSS v3 Score
6.7
Medium
Weakness Type
CWE-434
View all →

Vulnerability Description

File upload and execute vulnerabilities in ASPECT allow PHP script injection if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

Related Vulnerabilities

CVE-2018-20925

MEDIUM
CVSS:6.7(Medium)

cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379).

CWE-4342018

CVE-2018-20926

MEDIUM
CVSS:6.7(Medium)

cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380).

CWE-4342018

CVE-2020-4928

MEDIUM
CVSS:6.7(Medium)

IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on t...

CWE-4342020

CVE-2022-43192

MEDIUM
CVSS:6.7(Medium)

An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is relat...

CWE-4342022

CVE-2023-3692

MEDIUM
CVSS:6.7(Medium)

Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10.

CWE-4342023

CVE-2025-30173

MEDIUM
CVSS:6.7(Medium)

File upload vulnerabilities are present in ASPECT if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX S...

CWE-4342025