CVE-2025-15415 | xnx3 wangmarket up to 6.4 XML File /sits/uploadImage.do uploadImage image unrestricted upload

Inserito da Angelo Barbosa | Gen 1, 2026 | CVE

A vulnerability has been found in xnx3 wangmarket up to 6.4 and classified as critical. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. The manipulation of the argument image leads to unrestricted upload.

This vulnerability is referenced as CVE-2025-15415. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15415 | xnx3 wangmarket up to 6.4 XML File /sits/uploadImage.do uploadImage image unrestricted upload

Post correlati

CVE-2024-13361 | AI Power Plugin up to 1.8.96 on WordPress Shortcode authorization

CVE-2025-61128 | Wavlink QUANTUM D3G WL-WN530HG3 M30HG3_V240730 login.cgi referrer stack-based overflow

CVE-2024-33627 | Cusmin Absolutely Glamorous Custom Admin Plugin up to 7.2.2 on WordPress server-side request forgery

CVE-2024-13811 | AlThemist Lafka Plugin up to 4.5.7 on WordPress lafka_import_lafka authorization