CVE-2025-13949

Name of the Vulnerable Software and Affected Versions ProudMuBai GoFilm versions 1.0.0 through 1.0.1

Description A flaw exists in ProudMuBai GoFilm that allows for unrestricted file uploads. This issue is located within the SingleUpload function of the /server/controller/FileController.go file. The File argument can be manipulated to achieve this. The attack can be initiated remotely, and a publicly available exploit exists. The vendor was notified but did not respond.

Recommendations Update ProudMuBai GoFilm to a version newer than 1.0.1. As a temporary workaround, restrict access to the SingleUpload function in /server/controller/FileController.go until a patch is available.