CVE-2025-5381 - CERT CVE
ID CVE-2025-5381
Sažetak A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Reference
CVSS
Base: 3.3
Impact: 2.9
Exploitability:6.4
Pristup
VektorSloženostAutentikacija
NETWORK LOW MULTIPLE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL NONE NONE
CVSS vektor AV:N/AC:L/Au:M/C:P/I:N/A:N
Zadnje važnije ažuriranje 31-05-2025 - 15:15
Objavljeno 31-05-2025 - 15:15