CVE-2025-3798 MEDIUM

CVE-2025-3798: WCMS Advertisement Image AdvadminController.php sub unrestricted upload

Vendor N/A
Product WCMS
Weakness CWE-434 · Unrestricted file upload
Published April 19, 2025
Last update April 21, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as critical, has been found in WCMS 11. This issue affects the function sub of the file app/admin/AdvadminController.php of the component Advertisement Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

April 19, 2025 CVE published
April 21, 2025 Record updated

Related vulnerabilities

04Related CVE