CVE-2025-15152 | h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa PmsProductController.java addProduct objectName unrestricted upload

A vulnerability categorized as critical has been discovered in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the argument objectName leads to unrestricted upload.

This vulnerability is listed as CVE-2025-15152. The attack may be performed from remote. There is no available exploit.

This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.

CVE-2025-15152 | h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa PmsProductController.java addProduct objectName unrestricted upload

Post correlati

CVE-2022-39888 | Samsung Devices retrieveExternalProxy access control

CVE-2024-46652 | Tenda AC8v4 16.03.34.06 fromAdvSetMacMtuWan stack-based overflow

CVE-2024-4947 | Google Chrome prior 125.0.6422.60 V8 type confusion (ID 340221)

CVE-2024-42391 | Cesanta Mongoose Web Server up to 7.14 TLS Packet out-of-range pointer offset