CVE-2025-8128 | zhousg letao up to 7d8df0386a65228476290949e0413de48f7fbe98 routesbfproduct.js pictrdtz unrestricted upload (Issue 13)

A vulnerability, which was classified as critical, has been found in zhousg letao up to 7d8df0386a65228476290949e0413de48f7fbe98. This issue affects some unknown processing of the file routesbfproduct.js. The manipulation of the argument pictrdtz leads to unrestricted upload.

The identification of this vulnerability is CVE-2025-8128. The attack may be initiated remotely. Furthermore, there is an exploit available.

This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

CVE-2025-8128 | zhousg letao up to 7d8df0386a65228476290949e0413de48f7fbe98 routesbfproduct.js pictrdtz unrestricted upload (Issue 13)

Post correlati

CVE-2025-3302 | Xagio SEO Plugin up to 7.1.0.16 on WordPress HTTP_REFERER cross site scripting

CVE-2025-7454 | Campcodes Online Movie Theater Seat Reservation System 1.0 manage_theater.php ID sql injection

CVE-2024-32633 | ASR Falcon/Crane prior CP01.057.067 eMMC Full Disk Test expression is always false

CVE-2024-9377 | Products, Order & Customers Export for WooCommerce Plugin cross site scripting