CVE-2025-13574 | code-projects Online Bidding System 1.0 addcategory.php categoryadd catimage unrestricted upload

Inserito da Angelo Barbosa | Nov 23, 2025 | CVE

A vulnerability marked as critical has been reported in code-projects Online Bidding System 1.0. This issue affects the function categoryadd of the file /administrator/addcategory.php. This manipulation of the argument catimage causes unrestricted upload.

This vulnerability is tracked as CVE-2025-13574. The attack is possible to be carried out remotely. Moreover, an exploit is present.

CVE-2025-13574 | code-projects Online Bidding System 1.0 addcategory.php categoryadd catimage unrestricted upload

Post correlati

CVE-2025-24924 | GMOD Apollo up to 2.7.x missing authentication (icsa-25-063-07)

CVE-2024-34449 | vanessa219 Vditor 3.10.3 Element Attribute cross site scripting

CVE-2024-40553 | Tmall Demo 2024.07.03 uploadUserHeadImage unrestricted upload

CVE-2024-13584 | Picture Gallery Plugin up to 1.5.19 on WordPress cross site scripting