CVE-2025-1165 | Lumsoft ERP 8 /Api/FileUploadApi.ashx DoUpload/DoWebUpload file unrestricted upload

Inserito da Angelo Barbosa | Feb 10, 2025 | CVE

A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument file leads to unrestricted upload.

This vulnerability is traded as CVE-2025-1165. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2025-1165 | Lumsoft ERP 8 /Api/FileUploadApi.ashx DoUpload/DoWebUpload file unrestricted upload

Post correlati

CVE-2024-24825 | DIRAC prior 8.0.37 TokenManager permission

CVE-2023-52454 | Linux Kernel up to 6.7.1 nvmet-tcp nvmet_tcp_build_pdu_iovec null pointer dereference

CVE-2025-24885 | pwncollege dojo up to 613e4fd654b16e5e0888e9205702bde83de91c60 cross site scripting (GHSA-8m79-rmhw-rg84)

CVE-2024-26934 | Linux Kernel up to 6.9-rc1 drivers/usb/core/sysfs.c usb_deauthorize_interface deadlock