cve/CVE-2025-9795.md at b99156590a6b0c1cf0b374aa41887d37143570c8

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. In xujeff tianti 天梯 bis 2.3 wurde eine Schwachstelle gefunden. Es betrifft die Funktion ajaxUploadFile der Datei src/main/java/com/jeff/tianti/controller/UploadController.java. Die Veränderung des Parameters upfile resultiert in unrestricted upload. Der Angriff kann remote ausgeführt werden. Der Exploit steht zur öffentlichen Verfügung.

POC

Reference

https://github.com/xujeff/tianti/issues/43
https://github.com/xujeff/tianti/issues/43#issue-3287851827

Github

https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/zast-ai/vulnerability-reports

1.7 KiB Raw Blame History

CVE-2025-9795

Description

POC

Reference

Github

1.7 KiB

Raw Blame History