CVE-2025-1791 | Zorlan SkyCaiji 2.9 Tool.php fileAction save_data unrestricted upload

Inserito da Angelo Barbosa | Feb 28, 2025 | CVE

A vulnerability has been found in Zorlan SkyCaiji 2.9 and classified as critical. This vulnerability affects the function fileAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument save_data leads to unrestricted upload.

This vulnerability was named CVE-2025-1791. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2025-1791 | Zorlan SkyCaiji 2.9 Tool.php fileAction save_data unrestricted upload

Post correlati

CVE-2023-51445 | GeoServer up to 2.23.2 REST Resources API cross site scripting (GHSA-fh7p-5f6g-vj2w)

CVE-2024-27289 | jackc pgx Line Comment sql injection

CVE-2024-26454 | Healthcare-Chatbot up to 9b7058a login.php email1/pwd1 cross site scripting

CVE-2024-23061 | Totolink A3300R 17.0.0cu.557_B20221024 setScheduleCfg minute command injection