CVE-2025-15109 | jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261 upload.php unrestricted upload (IDC4ZT)

A vulnerability, which was classified as critical, has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload.

The identification of this vulnerability is CVE-2025-15109. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15109 | jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261 upload.php unrestricted upload (IDC4ZT)

Post correlati

CVE-2024-8742 | Essential Addons for Elementor Plugin up to 6.0.3 on WordPress Filterable Gallery Widget cross site scripting

CVE-2025-7071 | Oberon ocrypto up to 3.9.1 timing discrepancy

CVE-2024-53932 | com.remi.colorphone.callscreen.calltheme.callerscreen DialerActivity Component permission

CVE-2021-47116 | Linux Kernel up to 5.10.42/5.12.9 ext4 ext4_mb_init_backend memory leak (2050c6e5b161/04fb2baa0b14/a8867f4e3809)