PT-2026-1031 · Unknown · Xnx3 Wangmarket

Yuccun · Published 2026-01-01 · Updated 2026-01-02 · CVE-2025-15415

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

xnx3 wangmarket versions up to 6.4

Description

A flaw exists in the XML File Handler component of xnx3 wangmarket. Specifically, the uploadImage function within the /sits/uploadImage.do file allows for unrestricted file uploads through manipulation of the image argument. This allows for remote exploitation. The details of the exploit have been publicly disclosed, and the vendor was informed but did not respond.

Recommendations

Versions prior to 6.4 should be updated. As a temporary workaround, consider restricting access to the /sits/uploadImage.do file or disabling the uploadImage function until a patch is available.

Exploit

Fix

Unrestricted File Upload

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2025-15415

Affected Products

Xnx3 Wangmarket