CVE-2025-2115 | zzskzy Warehouse Refinement Management System 3.1 /AcceptZip.ashx ProcessRequest file unrestricted upload

Inserito da Angelo Barbosa | Mar 8, 2025 | CVE

A vulnerability, which was classified as critical, was found in zzskzy Warehouse Refinement Management System 3.1. Affected is the function ProcessRequest of the file /AcceptZip.ashx. The manipulation of the argument file leads to unrestricted upload.

This vulnerability is traded as CVE-2025-2115. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-2115 | zzskzy Warehouse Refinement Management System 3.1 /AcceptZip.ashx ProcessRequest file unrestricted upload

Post correlati

CVE-2023-32849 | MediaTek MT8798 Cmdq out-of-bounds write (ALPS08161758)

CVE-2024-1633 | Renesas rcar_gen3 2.5 Image bl2_mem_params_descs integer overflow

CVE-2024-10885 | SearchIQ Plugin up to 4.6 on WordPress cross site scripting

CVE-2024-24806 | libuv up to 1.47.x src/unix/getaddrinfo.c uv_getaddrinfo server-side request forgery (GHSA-f74f-cvh7-c6q6)