From f1578229277b34b5503fe01e0150dd873253e525 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 24 Mar 2025 10:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/2xxx/CVE-2025-2702.json | 109 +++++++++++++++++++++++++++++++++-- 1 file changed, 105 insertions(+), 4 deletions(-) diff --git a/2025/2xxx/CVE-2025-2702.json b/2025/2xxx/CVE-2025-2702.json index 09803e7efae..9bfda84aa3a 100644 --- a/2025/2xxx/CVE-2025-2702.json +++ b/2025/2xxx/CVE-2025-2702.json @@ -1,17 +1,118 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2702", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in Softwin WMX3 3.1. This issue affects the function ImageAdd of the file /ImageAdd.ashx. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Softwin WMX3 3.1 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion ImageAdd der Datei /ImageAdd.ashx. Dank Manipulation des Arguments File mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unrestricted Upload", + "cweId": "CWE-434" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Controls", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Softwin", + "product": { + "product_data": [ + { + "product_name": "WMX3", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.300719", + "refsource": "MISC", + "name": "https://vuldb.com/?id.300719" + }, + { + "url": "https://vuldb.com/?ctiid.300719", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.300719" + }, + { + "url": "https://vuldb.com/?submit.516289", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.516289" + }, + { + "url": "https://github.com/Rain1er/report/blob/main/THNlcnBf/RCE_1.md", + "refsource": "MISC", + "name": "https://github.com/Rain1er/report/blob/main/THNlcnBf/RCE_1.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "XU NIE (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] }