CVE-2025-13949 | ProudMuBai GoFilm 1.0.0/1.0.1 FileController.go SingleUpload File unrestricted upload

Inserito da Angelo Barbosa | Dic 3, 2025 | CVE

A vulnerability marked as critical has been reported in ProudMuBai GoFilm 1.0.0/1.0.1. Impacted is the function SingleUpload of the file /server/controller/FileController.go. The manipulation of the argument File leads to unrestricted upload.

This vulnerability is listed as CVE-2025-13949. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-13949 | ProudMuBai GoFilm 1.0.0/1.0.1 FileController.go SingleUpload File unrestricted upload

Post correlati

CVE-2025-7028 | GIGABYTE UEFI-SmiFlash 1.0.0 Software SMI SwSmiInputValue untrusted pointer dereference

CVE-2025-32786 | glpi-project glpi-inventory-plugin up to 1.5.0 sql injection

CVE-2025-7615 | TOTOLINK T6 4.1.5cu.748 HTTP POST Request /cgi-bin/cstecgi.cgi clearPairCfg ip command injection

CVE-2023-28873 | Seafile 9.0.6 Wiki/Discussion Page cross site scripting (usd-2022-0032)