What the vulnerability does
01Description
Unrestricted Upload of File with Dangerous Type vulnerability in wordwebsoftware Crossword Compiler Puzzles crossword-compiler-puzzles allows Upload a Web Shell to a Web Server.This issue affects Crossword Compiler Puzzles: from n/a through <= 5.2.
Explanation of Vulnerability in Simple Terms
02Summary
Crossword Compiler Puzzles versions 5.2 and earlier allow authenticated users to upload files without proper validation. An attacker with low-level access can upload malicious files that may execute on the server or be accessed by other users. The vulnerability affects confidentiality, integrity, and availability of the affected system.
What an attacker can do
03Attacker Capabilities
Upload malicious files to the server and potentially execute code or access sensitive data.
Potential impact on your site
04Site Impact
Compromised sites may experience data theft, malware injection, or complete system takeover if exploited.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the system.
Key dates
06Disclosure timeline
May 23, 2025
CVE published
April 28, 2026
Record updated