CVE-2025-4258 | zhangyanbo2007 youkefu up to 4.2.0 MediaController.java upload imgFile unrestricted upload

Inserito da Angelo Barbosa | Mag 4, 2025 | CVE

A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file youkefu-mastersrcmainjavacomukefuwebimwebhandlerresourceMediaController.java. The manipulation of the argument imgFile leads to unrestricted upload.

This vulnerability is traded as CVE-2025-4258. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2025-4258 | zhangyanbo2007 youkefu up to 4.2.0 MediaController.java upload imgFile unrestricted upload

Post correlati

CVE-2025-0394 | Groundhogg Plugin up to 3.7.3.5 on WordPress gh_big_file_upload unrestricted upload

CVE-2024-46725 | Linux Kernel up to 5.10.225/5.15.166/6.1.108/6.6.49/6.10.8 AMD GPU out-of-bounds write

CVE-2024-52460 | AtaraPay WooCommerce Payment Gateway Plugin up to 2.0.13 on WordPress cross site scripting

CVE-2024-44996 | Linux Kernel up to 6.6.47/6.10.6 vsock_bpf_recvmsg Privilege Escalation (921f1acf0c3c/b4ee8cf1acc5/69139d2919dd)