CVE-2025-8344 | openviglet shio up to 0.3.8 ShStaticFileAPI.java shStaticFileUpload filename unrestricted upload (Issue 1029)

Inserito da Angelo Barbosa | Lug 30, 2025 | CVE

A vulnerability classified as critical has been found in openviglet shio up to 0.3.8. Affected is the function shStaticFileUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument filename leads to unrestricted upload.

This vulnerability is traded as CVE-2025-8344. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2025-8344 | openviglet shio up to 0.3.8 ShStaticFileAPI.java shStaticFileUpload filename unrestricted upload (Issue 1029)

Post correlati

CVE-2024-41836 | Adobe InDesign Desktop up to 18.5.2/19.3 null pointer dereference (apsb24-48)

CVE-2025-24676 | Metatagg Custom WP Store Locator Plugin up to 1.4.7 on WordPress cross site scripting

CVE-2024-48454 | SourceCodester Purchase Order Management System 1.0 /admin?page=user Privilege Escalation

CVE-2018-25090 | WAGO Controller BACnet IP cross site scripting (VDE-2023-039)