PT-2025-47867 · Unknown · Projectworlds

Gysakura

Publicado

2025-11-23

Atualizado

2025-12-02

CVE-2025-13573

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions projectworlds version 1.0

Description A security flaw exists in projectworlds that allows for the passing of malicious payloads up to version 1.0. The issue affects unknown code within the '/add book.php' file. Manipulation of the image argument results in unrestricted upload capabilities, and the attack can be executed remotely. The exploit has been publicly released.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284CWE-434

Identificadores relacionados

CVE-2025-13573

Produtos afetados

Projectworlds

PT-2025-47867 · Unknown · Projectworlds

CVE-2025-13573

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11