CVE-2025-5171 | llisoft MTA Maita Training System 4.5 OpenController.java this.fileService.download url unrestricted upload

A vulnerability, which was classified as critical, has been found in llisoft MTA Maita Training System 4.5. This issue affects the function this.fileService.download of the file comllisoftcontrollerOpenController.java. The manipulation of the argument url leads to unrestricted upload.

The identification of this vulnerability is CVE-2025-5171. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5171 | llisoft MTA Maita Training System 4.5 OpenController.java this.fileService.download url unrestricted upload

Post correlati

CVE-2024-12035 | Chimpstudio CS Framework Plugin up to 6.9 on WordPress wp-config.php cs_widget_file_delete path traversal

CVE-2024-4754 | Next4Biz CRM & BPM Software Business Process Manangement 6.6.4.4 cross site scripting

CVE-2024-29815 | Aminur Islam WP Change Email Sender Plugin up to 1.2.x on WordPress cross site scripting

CVE-2024-2593 | Amssplus AMSS++ 4.31 bookdetail_group.php b_id cross site scripting