PT-2025-47868 · Code Projects · Online Bidding System
Yohane-Mashiro · Published 2025-11-24 · Updated 2025-12-02 · CVE-2025-13574
CVSS v3.1: 7.2 High
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
code-projects Online Bidding System version 1.0
Description
A weakness exists in code-projects Online Bidding System 1.0 that allows unrestricted file upload. The issue is present in the categoryadd function within the /administrator/addcategory.php file, and manipulating the catimage argument triggers it. An exploit for this issue has been publicly released and is available for use.
Recommendations
Apply any available updates or patches for code-projects Online Bidding System version 1.0.
As a temporary workaround, restrict access to the /administrator/addcategory.php file.
Consider temporarily disabling the categoryadd function until a patch is available.
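A hardened handler for an image upload field such as catimage, as an added example that is not code from the Online Bidding System or from this advisory. The function name store_category_image, the upload directory, the size limit and the list of allowed types are assumptions.

```php
<?php
// Added example (not the project's code): validate an uploaded category image
// before storing it. Names, paths and limits below are assumptions.

const ALLOWED_IMAGE_TYPES = [   // detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_IMAGE_BYTES = 2 * 1024 * 1024;   // assumed 2 MiB limit

function store_category_image(array $file, string $uploadDir): string
{
    // Reject failed, multi-file or non-HTTP-upload entries.
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_IMAGE_BYTES) {
        throw new RuntimeException('File size not allowed');
    }

    // Decide the type from the file content, never from the client-supplied
    // filename or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_IMAGE_TYPES[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Only JPEG, PNG or GIF images are accepted');
    }

    // Server-generated name with a fixed extension: the original filename
    // (and any script extension in it) never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], rtrim($uploadDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;   // store this value in the category record
}

// Usage inside a (hypothetical) category form handler, after the
// administrator session check:
//   $stored = store_category_image($_FILES['catimage'], '/var/www/uploads/categories');
```

The upload directory should also be configured so that the web server does not execute scripts from it.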
Improper Access Control
Unrestricted File Upload
Related Identifiers
Affected Products
Online Bidding System