CVE-2025-15129

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-15129

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15129.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-15129

Published

2025-12-28T09:15:41.707Z

Modified

2026-03-14T15:01:54.658122Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler. Executing manipulation of the argument File can lead to code injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15129.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "an"
            }
        ]
    }
]