exploitDog

CVE-2025-56263

Опубликовано: 16 сент. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

by-night sms V1.0 has an Arbitrary File Upload vulnerability. The /api/sms/upload/headImg endpoint allows uploading arbitrary files. Users can upload files of any size and type.

Ссылки

https://github.com/by-night/sms/issues/50
Exploit
Issue Tracking
Third Party Advisory
https://github.com/echo0d/vulnerability/blob/main/by-night_sms/fileUpload.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:by-night:sms:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00076

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-fpcm-8wrp-qj95

CVSS3: 8.8

github

5 месяцев назад

by-night sms V1.0 has an Arbitrary File Upload vulnerability. The /api/sms/upload/headImg endpoint allows uploading arbitrary files. Users can upload files of any size and type.

EPSS

Процентиль: 23%

0.00076

Низкий

8.8 High

CVSS3

Дефекты

CWE-434