What the vulnerability does
01Description
Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through <= 3.1.5.
Explanation of Vulnerability in Simple Terms
02Summary
Ajar in5 Embed versions 3.1.5 and earlier allow unauthenticated attackers to upload arbitrary files to the server without restriction. An attacker can upload malicious files (such as PHP scripts) over the network with no authentication required. This can lead to complete compromise of the affected system, including data theft, site defacement, and malware installation.
What an attacker can do
03Attacker Capabilities
Upload arbitrary files to the server and execute malicious code without authentication.
Potential impact on your site
04Site Impact
Complete compromise of the site: attackers can run code, steal data, deface content, or install malware.
Conditions required to exploit
05Prerequisites
Network access to the vulnerable application; no authentication or user interaction required.
Key dates
06Disclosure timeline
May 23, 2025
CVE published
April 28, 2026
Record updated