PT-2025-34700 · Unknown · Weberpmesv2

The_Hiker · Published 2025-08-25 · Updated 2026-01-21 · CVE-2025-52130

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: WebErpMesv2 version 1.17
Description: A file upload vulnerability exists in the app/Http/Controllers/FactoryController.php controller. An authenticated attacker can upload arbitrary files, including PHP scripts. These files are accessible via direct GET requests, potentially leading to remote code execution (RCE) on the web server.
Recommendations: As a temporary workaround, restrict file uploads to authorized users only. Review and sanitize all uploaded files before processing them. Implement strict file type validation to prevent the upload of executable files. Consider disabling the file upload functionality if it is not essential for the application's operation.
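
The strict file type validation recommended above could look like the following. This is an added example, not code from WebErpMesv2 or its fix; the allowlist, the function name `check_upload` and the sample files are assumptions made for illustration.

```php
<?php
// Added example, not WebErpMesv2 code. Allowlist and names are assumptions.
declare(strict_types=1);

// Extension => MIME type the file content must actually have.
const ALLOWED_UPLOADS = [
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'pdf' => 'application/pdf',
];

// Returns ['ok' => bool, 'reason' => string, 'stored_name' => ?string].
function check_upload(string $tmpPath, string $clientName): array
{
    $reject = fn(string $why) => ['ok' => false, 'reason' => $why, 'stored_name' => null];

    // Judge only the final extension; "shell.php.png" counts as png and then
    // has to pass the content check below.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_UPLOADS)) {
        return $reject("extension '$ext' not on allowlist");
    }

    // Detect the type from the bytes, never from the client's Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED_UPLOADS[$ext]) {
        return $reject("content is '$mime', expected '" . ALLOWED_UPLOADS[$ext] . "'");
    }

    // Server-generated name: the client never controls the stored path.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    return ['ok' => true, 'reason' => 'accepted', 'stored_name' => $stored];
}

// Constructed sample inputs (not taken from the advisory).
$samples = [
    'logo.png'      => "\x89PNG\r\n\x1a\n\0\0\0\rIHDR\0\0\0\x01\0\0\0\x01\x08\x06\0\0\0",
    'shell.php'     => "<?php echo 'x'; ?>",
    'shell.php.png' => "<?php echo 'x'; ?>",
];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $r = check_upload($tmp, $name);
    printf("%-14s %s (%s)\n", $name, $r['ok'] ? 'ACCEPT' : 'REJECT', $r['reason']);
    unlink($tmp);
}
```

Validation alone does not address the direct GET access the description mentions; storing accepted files outside the web root, or in a directory where the server does not execute PHP, closes that path.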

Fix

RCE

Weakness Enumeration

Related Identifiers: CVE-2025-52130

Affected Products: Weberpmesv2