PT-2025-53644 · Chenjinchuang · Lin-Cms-Tp5
Formanagain
·
Published
2025-12-28
·
Updated
2025-12-28
·
CVE-2025-15129
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ChenJinchuang Lin-CMS-TP5 versions up to 0.3.3
Description
A flaw exists in ChenJinchuang Lin-CMS-TP5 that allows for remote code injection. The issue is located in the
Upload function within the LocalUploader.php file of the File Upload Handler component. Manipulation of the File argument can lead to code injection. The exploit for this issue has been published.Recommendations
Versions up to 0.3.3 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Special Elements Injection
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Lin-Cms-Tp5