CVE-2025-3566

MEDIUM Year: 2025
CVSS v3 Score
6.1
Medium
CVSS v2 Score
7.5
High
Weakness Type
CWE-284
View all →

Vulnerability Description

A vulnerability, which was classified as critical, has been found in veal98 小牛肉 Echo 开源社区系统 4.2. This issue affects the function uploadMdPic of the file /discuss/uploadMdPic. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2014-8168

MEDIUM
CVSS:6.1(Medium)

Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.

CWE-2842014

CVE-2014-9717

MEDIUM
CVSS:6.1(Medium)

fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restri...

CWE-2842014

CVE-2016-1492

MEDIUM
CVSS:6.1(Medium)

The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveragin...

CWE-2842016

CVE-2016-5606

MEDIUM
CVSS:6.1(Medium)

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Kernel Zones.

CWE-2842016

CVE-2016-5622

MEDIUM
CVSS:6.1(Medium)

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote attackers...

CWE-2842016

CVE-2016-7223

MEDIUM
CVSS:6.1(Medium)

Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files,...

CWE-2842016