PT-2025-35644 · Code Projects · Mobile Shop Management System

111Ctx

Publicado

2025-09-02

Atualizado

2025-09-03

CVE-2025-9841

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions code-projects Mobile Shop Management System version 1.0

Description A security issue has been identified in code-projects Mobile Shop Management System version 1.0. The vulnerability involves unrestricted upload capabilities due to the manipulation of the ProductImage argument within the file AddNewProduct.php. This issue is exploitable remotely. The exploit has been publicly disclosed.

Recommendations As a temporary workaround, consider restricting file uploads through the AddNewProduct.php file until a fix is available.

Exploit

Correção

Unrestricted File Upload

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434CWE-284

Identificadores relacionados

CVE-2025-9841

Produtos afetados

Mobile Shop Management System

PT-2025-35644 · Code Projects · Mobile Shop Management System

CVE-2025-9841

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10