CVE-2025-7939

Опубликовано: 21 июл. 2025

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0. It has been classified as critical. Affected is the function addGoods of the file GoodsController.java. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely.

Ссылки

https://github.com/Bemcliu/cve-reports/blob/main/cve-03-%E8%9B%8B%E7%B3%95%E5%95%86%E5%9F%8EJPA%E7%89%88-Arbitrary%20File%20Upload/readme.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.317076
Permissions Required
VDB Entry
https://vuldb.com/?id.317076
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.618986
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jerryshensjf:jpacookieshop:-:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00047

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-284

CWE-434

Связанные уязвимости

GHSA-gch3-g2qp-mcxw

CVSS3: 6.3

github

7 месяцев назад

EPSS

Процентиль: 15%

0.00047

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-284

CWE-434