CVE-2025-4868 | merikbest ecommerce-spring-reactjs up to 464e610bb11cc2619cf6ce8212ccc2d1fd4277fd File Upload Endpoint /api/v1/admin/ filename path traversal

A vulnerability was found in merikbest ecommerce-spring-reactjs up to 464e610bb11cc2619cf6ce8212ccc2d1fd4277fd. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/v1/admin/ of the component File Upload Endpoint. The manipulation of the argument filename leads to path traversal.

This vulnerability is handled as CVE-2025-4868. The attack may be launched remotely. Furthermore, there is an exploit available.

Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

CVE-2025-4868 | merikbest ecommerce-spring-reactjs up to 464e610bb11cc2619cf6ce8212ccc2d1fd4277fd File Upload Endpoint /api/v1/admin/ filename path traversal

Post correlati

CVE-2024-29096 | Matt Manning MJM Clinic Plugin up to 1.1.22 on WordPress cross site scripting

CVE-2024-36466 | Zabbix up to 6.0.31/6.4.16/7.0.0 Cookie zbx_session authentication spoofing

CVE-2024-41239 | Kashipara Responsive School Management System 1.0 add_class_submit.php class_name cross site scripting

CVE-2024-23445 | Elasticsearch up to 8.13.x access control