CVE-2025-46080

MEDIUM Year: 2025
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-434
View all →

Vulnerability Description

HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server.

Related Vulnerabilities

CVE-2018-16821

MEDIUM
CVSS:5.3(Medium)

SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.

CWE-4342018

CVE-2018-19789

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string...

CWE-4342018

CVE-2021-29022

MEDIUM
CVSS:5.3(Medium)

In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory.

CWE-4342021

CVE-2023-38330

MEDIUM
CVSS:5.3(Medium)

OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP ...

CWE-4342023

CVE-2023-40183

MEDIUM
CVSS:5.3(Medium)

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `Im...

CWE-4342023