exploitDog

GHSA-9924-rxm2-pj79

Опубликовано: 22 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 9.6

Описание

An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.

An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.

Ссылки

EPSS

Процентиль: 15%

0.0005

Низкий

9.6 Critical

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-67289

CVSS3: 9.6

nvd

около 2 месяцев назад

An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.

EPSS

Процентиль: 15%

0.0005

Низкий

9.6 Critical

CVSS3

CVE ID

Дефекты

CWE-79