CVE-2025-4260

MEDIUM Year: 2025
CVSS v3 Score
4.3
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2013-0342

MEDIUM
CVSS:4.3(Medium)

The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than...

CWE-202013

CVE-2013-1811

MEDIUM
CVSS:4.3(Medium)

An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".

CWE-202013

CVE-2013-1930

MEDIUM
CVSS:4.3(Medium)

MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues.

CWE-202013

CVE-2015-7789

MEDIUM
CVSS:4.3(Medium)

ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors.

CWE-202015

CVE-2016-0005

MEDIUM
CVSS:4.3(Medium)

Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability."

CWE-202016

CVE-2016-0211

MEDIUM
CVSS:4.3(Medium)

IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA messa...

CWE-202016