CVE-2025-1890 | shishuocms 1.1 ManageUpLoadAction.java handleRequest file unrestricted upload

Posted by Angelo Barbosa | Mar 3, 2025 | CVE

A vulnerability has been found in shishuocms 1.1 and classified as critical. This vulnerability affects the function handleRequest of the file src/main/java/com/shishuo/cms/action/manage/ManageUpLoadAction.java. The manipulation of the argument file leads to unrestricted upload.

This vulnerability was named CVE-2025-1890. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2025-1890 | shishuocms 1.1 ManageUpLoadAction.java handleRequest file unrestricted upload

Related Posts

CVE-2024-44043 | 10Web Photo Gallery Plugin up to 1.8.27 on WordPress cross site scripting

CVE-2024-12745 | Amazon Redshift Python Connector 2.1.4 Metadata API get_schemas/get_tables/get_columns sql injection

CVE-2024-41685 | SyroTech SY-GPON-1110-WDONT 3.1.02-231102 Web Management Interface cookie httponly flag (CIVN-2024-0225)

CVE-2024-26938 | Linux Kernel up to 6.1.83/6.6.23/6.7.11/6.8.2/6.9-rc1 drm intel_bios_encoder_supports_dp_dual_mode Privilege Escalation