PT-2026-1031 · Unknown · Xnx3 Wangmarket

Yuccun · Published 2026-01-01 · Updated 2026-01-02 · CVE-2025-15415

CVSS v3.1: 5.4 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: xnx3 wangmarket versions up to 6.4

Description: A flaw exists in the XML File Handler component of xnx3 wangmarket. Specifically, the uploadImage function within the /sits/uploadImage.do file allows for unrestricted file uploads through manipulation of the image argument. This allows for remote exploitation. The details of the exploit have been publicly disclosed, and the vendor was informed but did not respond.

Recommendations: Versions prior to 6.4 should be updated. As a temporary workaround, consider restricting access to the /sits/uploadImage.do file or disabling the uploadImage function until a patch is available.

Exploit

Fix

Unrestricted File Upload

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2025-15415

Affected Products

Xnx3 Wangmarket