Jakub Stankiewicz

Researcher fromAfine Team
#8828of 53,632
31Total CVSS
Vulnerabilities · 4
Medium
1
High
1
Critical
2
PT-2025-16591
9.4
2025-04-16
Ready · Ready · CVE-2025-1980
**Name of the Vulnerable Software and Affected Versions** Ready versions installed at the turn of 2021 and 2022 **Description** The issue allows users to upload files of any type and extension without restriction in the Profile section of the Ready application. If the server is misconfigured, it can result in Remote Code Execution. This misconfiguration was present by default in installations from late 2021 and early 2022. **Recommendations** For versions installed at the turn of 2021 and 2022, ensure proper server configuration to prevent Remote Code Execution, as described in the Required Configuration for Exposure section.
PT-2025-16592
9.4
2025-04-16
Symfonia · Ready · CVE-2025-1981
**Name of the Vulnerable Software and Affected Versions** Ready (affected versions not specified) **Description** The issue arises from the improper neutralization of user input in a file search function within the invoices module, allowing for SQL Injection attacks. This can be exploited by a low-privileged user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-16593
7.1
2025-04-16
Ready · Ready · CVE-2025-1982
**Name of the Vulnerable Software and Affected Versions** Ready (affected versions not specified) **Description** The issue allows a low-privileged user to provide a link to a local file using the `file://` protocol, enabling the attacker to read the content of the file. This can be used to read the content of system files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-16594
5.1
2025-04-16
Unknown · Ready File Explorer · CVE-2025-1983
**Name of the Vulnerable Software and Affected Versions** Ready File Explorer (affected versions not specified) **Description** A cross-site scripting (XSS) issue in the upload functionality of Ready File Explorer allows the injection of arbitrary JavaScript code in the filename. The injected content is stored on the server and is executed every time a user interacts with the uploaded file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.