PT-2025-32257 · Tagfree · Tagfree X-Free Uploader Xfu
이우진
·
Published
2025-08-07
·
Updated
2025-08-07
·
CVE-2025-29866
CVSS v4.0
8.8
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
TAGFREE X-Free Uploader XFU versions 1.0.1.0084 through 1.0.1.0084
TAGFREE X-Free Uploader XFU versions 2.0.1.0034 through 2.0.1.0034
Description
An External Control of File Name or Path vulnerability exists in TAGFREE X-Free Uploader XFU, allowing for Parameter Injection. This issue potentially compromises file paths.
Recommendations
Update TAGFREE X-Free Uploader XFU to version 1.0.1.0085.
Update TAGFREE X-Free Uploader XFU to version 2.0.1.0035.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tagfree X-Free Uploader Xfu